2 SSH vulnerabilities have been discovered on Cisco Virtual Appliances because the virtual machines running on VMWare and KVM virtualization platforms share a default authorized SSH key. There are already patches for these vulnerabilities. The SSH keys were initially created for customer support access. If a user were to maliciously employ these keys, they would have unlimited access and control.
Tim Erlin, director of IT security and risk strategy at Tripwire, says it is hard to say what the impact would be as no one knows the number of devices deployed.
Tim Erlin, director of IT security and risk strategy at Tripwire :
“To truly understand the scope of impact of any vulnerability, we’d have to know the number of devices actually deployed.
It’s great that there’s an update to address this issue, but customers must actually apply the patch to be protected. Unfortunately, there’s often a lag between update availability and effective deployment of patches, creating a window of risk.
Because this vulnerability affects virtual images, it’s entirely possible that some infected images could lay dormant through the initial update cycle, then introduce the vulnerability at a later date.”
Tim Erlin is a Director of Product Management at Tripwire, and is responsible for the Suite360 product line including Vulnerability Management, Configuration Auditing, and Policy Compliance. Previously, in his nearly 10 year tenure at nCircle, he has also held the positions of Senior Sales Engineer and QA Engineer. Tim’s career in information technology began with project management, customer service, as well as systems and network administration. Tim is a member of ISSA, and frequently hosts corporate webinars on various topics, including regulatory compliance.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.