
Cisco Policy Suite Static SSH Keys Vulnerability [CVE-2021-40119]

CVE number: CVE-2021-40119

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.

This vulnerability is due to the use of static (default) SSH keys in the SSH subsystem of an affected system; the same key material is present on every installation. An attacker who holds that default key material could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

Vulnerable Products

This vulnerability affects Cisco Policy Suite.

Customers are advised to take appropriate actions as indicated in the following table:

Cisco Policy Suite Software Release   Vulnerability status   Remediation action
Earlier than 20.2.0                   Vulnerable             Upgrade to 21.1.0.
20.2.0                                Vulnerable             Contact TAC to get a patch installed.
21.1.0                                Vulnerable             Change the default SSH keys.
21.2.0 and later                      Not vulnerable         See footnote 1.

1. Releases 21.2.0 and later automatically create new SSH keys during a fresh installation, but not during an upgrade. If a device is upgraded from 21.1.0, the keys must still be changed using the procedure below. The same applies to an upgrade from an earlier release to 21.1.0: upgrading alone leaves the default keys in place, so the 21.1.0 row (change the default SSH keys) applies afterwards.

Change the Default SSH Keys

To generate new SSH keys and propagate them to all the machines in the deployment, follow these steps:

Step 1

To generate new keys, execute the following command on the installer VM (Cluster Manager):

/var/qps/install/current/scripts/bin/support/manage_sshkey.sh --create

Step 2

Update the keys on the CPS VMs and on the installer VM (Cluster Manager):

/var/qps/install/current/scripts/bin/support/manage_sshkey.sh --update

This procedure is documented in the CPS Migration and Upgrade Guide, Release 21.1.0.
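The two manage_sshkey.sh steps rotate the keys, but they do not by themselves show that the rotation reached every VM. The script below is an added example written for this page, not Cisco's tooling and not taken from the advisory or the upgrade guide: it fingerprints OpenSSH public-key files collected from each host and checks three things a practitioner would want after the procedure: that no host still holds the pre-rotation key, that every host in a deployment holds the same new key (the procedure propagates one key pair to all machines, so identical keys within one deployment are expected), and that no key is shared between two different installations, which is the static-key condition this CVE describes. The key lines, host names and the collected-keys directory layout are constructed for the demo, and the fingerprint is a SHA-256 over the base64 key blob rather than the ssh-keygen fingerprint format.

```shell
#!/bin/sh
# Added example (not Cisco tooling): verify an SSH key rotation actually took
# effect. Input: OpenSSH public-key lines ("ssh-rsa AAAA... comment") collected
# from each VM into one directory per deployment.
set -eu

# Fingerprint = SHA-256 of the base64 key blob (field 2 of the public-key line).
# The comment field is ignored, so the same key always hashes the same.
pubkey_fingerprint() {
    awk 'NF >= 2 { print $2; exit }' "$1" | tr -d '\n' | sha256sum | awk '{ print $1 }'
}

# Exit 0 when NEW_FILE ($2) holds a different key than OLD_FILE ($1).
key_rotated() {
    [ "$(pubkey_fingerprint "$1")" != "$(pubkey_fingerprint "$2")" ]
}

# Exit 0 when every given key file carries the same key (propagation complete).
deployment_consistent() {
    [ "$(for f in "$@"; do pubkey_fingerprint "$f"; done | sort -u | wc -l | tr -d ' ')" -eq 1 ]
}

# Deployment check. $1 is the pre-rotation (default) key file, the rest are the
# per-host key files. Exit 0 only if no host still has the default key and all
# hosts agree on the new key; otherwise name the problem and exit 1.
fleet_clean() {
    default_fp=$(pubkey_fingerprint "$1")
    shift
    rc=0
    for f in "$@"; do
        if [ "$(pubkey_fingerprint "$f")" = "$default_fp" ]; then
            echo "STILL ON DEFAULT KEY: $f"
            rc=1
        fi
    done
    if ! deployment_consistent "$@"; then
        echo "KEY NOT PROPAGATED: hosts in this deployment hold different keys"
        rc=1
    fi
    return "$rc"
}

# Prints fingerprints present in more than one deployment directory: a key
# reused across installations, i.e. the static-key condition of CVE-2021-40119.
cross_deployment_shared() {
    for dir in "$@"; do
        for f in "$dir"/*.pub; do pubkey_fingerprint "$f"; done | sort -u
    done | sort | uniq -d
}

# --- Constructed demo data (not real keys): the default key that shipped with
# the installer, a "prod" deployment where --update missed one VM, the same
# deployment after the fix, and a "lab" deployment nobody rotated.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/prod" "$DEMO/prod_done" "$DEMO/lab"
DEFAULT_BLOB='AAAAB3NzaC1yc2EAAAADAQABAAABAQDEMODEFAULTKEY'    # constructed
PROD_BLOB='AAAAB3NzaC1yc2EAAAADAQABAAABAQDEMOPRODROTATED'      # constructed
printf 'ssh-rsa %s root@cluman\n' "$DEFAULT_BLOB" > "$DEMO/default.pub"
printf 'ssh-rsa %s root@cluman\n' "$PROD_BLOB"    > "$DEMO/prod/cluman.pub"
printf 'ssh-rsa %s root@lb01\n'   "$PROD_BLOB"    > "$DEMO/prod/lb01.pub"
printf 'ssh-rsa %s root@qns01\n'  "$DEFAULT_BLOB" > "$DEMO/prod/qns01.pub"   # missed
printf 'ssh-rsa %s root@cluman\n' "$PROD_BLOB"    > "$DEMO/prod_done/cluman.pub"
printf 'ssh-rsa %s root@lb01\n'   "$PROD_BLOB"    > "$DEMO/prod_done/lb01.pub"
printf 'ssh-rsa %s root@qns01\n'  "$PROD_BLOB"    > "$DEMO/prod_done/qns01.pub"
printf 'ssh-rsa %s root@cluman\n' "$DEFAULT_BLOB" > "$DEMO/lab/cluman.pub"

echo "== prod after a partial rotation =="
fleet_clean "$DEMO/default.pub" "$DEMO"/prod/*.pub || echo "prod: NOT CLEAN"
echo "== keys shared between prod and lab (static key across installations) =="
cross_deployment_shared "$DEMO/prod" "$DEMO/lab"
echo "== prod after the missed VM was updated =="
fleet_clean "$DEMO/default.pub" "$DEMO"/prod_done/*.pub && echo "prod: clean"
```

In a real deployment the inputs would be the public halves of the keys manage_sshkey.sh installs (collected with scp or a config-management tool), plus a copy of the pre-rotation key taken before Step 1; when ssh-keygen is available, `ssh-keygen -lf FILE` gives the canonical fingerprint and can replace pubkey_fingerprint without changing the logic.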

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Exploitation and Public Announcements

  • The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • This vulnerability was found during internal security testing.

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
