Vulnerability Alert: CVE-2022-20773 – Default SSH Host Key

Risk Rating: HIGH

Affected Product: Cisco Umbrella Virtual Appliance 

Affected Version: Virtual Appliance <= 3.3.2 

Patched Version: Please see Remediation(s) section for more details. 

Vendor: Cisco 

Date of Disclosure: 20.04.2022 

Introduction:

Cisco Umbrella Virtual Appliance contains a vulnerability in the key-based SSH authentication mechanism which could potentially allow a remote unauthenticated attacker to impersonate the appliance. The vulnerability is due to a default SSH host key value within the product.
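A default host key is the same on every appliance that ships it, so an inventory check can flag hosts that present an identical SSH host key. The following is an added example, not code from Cisco or from this alert: it assumes `ssh-keyscan`-style input, uses constructed sample keys and addresses, and treats a shared fingerprint only as a heuristic for triage.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public host key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(text: str):
    """Yield (host, key_type, fingerprint) from `ssh-keyscan` style lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # skip blanks, truncated lines and '# host:22 ...' banners
        host, key_type, blob = parts[:3]
        try:
            fp = fingerprint(blob)
        except ValueError:  # malformed base64 (binascii.Error is a ValueError)
            continue
        yield host, key_type, fp


def shared_host_keys(text: str) -> dict:
    """Map (key_type, fingerprint) -> hosts, for keys seen on more than one host."""
    hosts_by_key = defaultdict(set)
    for host, key_type, fp in parse_keyscan(text):
        hosts_by_key[(key_type, fp)].add(host)
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


def _sample_blob(fill: int) -> str:
    """Constructed ssh-ed25519 wire blob (not a real key) for the demo input."""
    name, key = b"ssh-ed25519", bytes([fill]) * 32
    raw = len(name).to_bytes(4, "big") + name + len(key).to_bytes(4, "big") + key
    return base64.b64encode(raw).decode()


# Constructed scan output: two hosts share one key, a third has its own.
SAMPLE_SCAN = "\n".join([
    "# 10.0.0.11:22 SSH-2.0-OpenSSH",
    f"10.0.0.11 ssh-ed25519 {_sample_blob(1)}",
    f"10.0.0.12 ssh-ed25519 {_sample_blob(1)}",
    f"10.0.0.13 ssh-ed25519 {_sample_blob(2)}",
])

if __name__ == "__main__":
    for (key_type, fp), hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{key_type} {fp} shared by: {', '.join(hosts)}")
```

Hosts reported here are candidates for the version and SSH-status checks described in the Cisco advisory; a match does not by itself confirm the appliance is vulnerable.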

Impact:

This vulnerability facilitates an attacker’s ability to perform a Man in the Middle (MiTM) attack on SSH connections to vulnerable Umbrella VA appliances. Successful exploitation can allow an attacker to obtain administrator credentials, modify configurations of the device or reload it entirely. 

Note, however, that SSH is not enabled by default, which reduces the vulnerability's risk rating from CRITICAL. The process to identify whether SSH is enabled on an Umbrella VA appliance, as well as the version, is documented in the Cisco advisory included in the links and resources section.

Remediation(s):

Cisco has released updates that remediate this vulnerability; it is recommended to apply the software updates immediately. A link to Cisco’s advisory, which includes guidance on how to upgrade Umbrella VA appliances, has been included in the links and resources section.

There are no workarounds for mitigating this vulnerability; the updates are the only option for remediation at present.

Links & Resources: 

Risk Crew