CVE-2021-40119

Description from NVD

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.

Information Acquisition Date:2021-11-30T16:40Z
CVSS 2.0: 10.0 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:C/I:C/A:C

NVD References

 20211103 Cisco Policy Suite Static SSH Keys Vulnerability
     source:CISCO
     tags:Vendor Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Cisco(1 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisc...9
https://github.com/CVEProject/cvelist/pull/33698
https://tools.cisco.com/security/center/content/CiscoSecuri...5
https://twitter.com/RigneySec/status/14565056991150243853

Information from Twitter

User URL Info Source Date
No Data

List of frequently cited URLs

URLNum of Times Referred to
thehackernews.com9
github.com8
tools.cisco.com5
twitter.com3

Information from Twitter

User URL Info Source
No Data
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2023/04/04 Score : 0
Added Har-sia Database : 2021/11/04
Last Modified : 2023/04/04
Highest Scored Date : 2021/11/05
Highest Score : 40