{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-030.pdf"
    },
    "title": "Cisco Umbrella Virtual Appliance Vulnerability",
    "serial_number": "2022-030",
    "publish_date": "22-04-2022 08:01:00",
    "description": "On the 20th of April Cisco released a security advisory about a high severity vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA). The vulnerability could allow an unauthenticated, remote attacker to impersonate a VA. Cisco has released software updates that address this vulnerability.",
    "url_title": "2022-030",
    "content_markdown": "---\ntitle: 'Cisco Umbrella Virtual Appliance Vulnerability'\nversion: '1.0'\nnumber: '2022-030'\ndate: 'April 22, 2022'\n---\n\n_History:_\n\n* _22/04/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 20th of April Cisco released a security advisory about a high severity vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA). The vulnerability could allow an unauthenticated, remote attacker to impersonate a VA. Cisco has released software updates that address this vulnerability [1].\n\n# Technical Details\n\n**CVE-2022-20773 (CVSS Score: Base 7.5)**\n\nThis vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. SSH is not enabled by default on the Umbrella VA [1].\n\nThere was no known public exploit of this vulnerability at the time the advisory was released.\n\n# Products Affected\n\nThis vulnerability affects the Cisco Umbrella Virtual Appliance for both VMware ESXi and Hyper-V running a software version earlier than 3.3.2.\n\n# Recommendations\n\nAccording to Cisco, the recommended action depends on the product version:\n\n- Cisco Umbrella Virtual Appliance 3.2 and earlier should migrate to a fixed release.\n- Cisco Umbrella Virtual Appliance 3.3 should update to 3.3.2.\n\n## Workarounds\n\nThere are no workarounds that address this vulnerability.\n\n# References\n\n[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c>\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/04/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 20th of April Cisco released a security advisory about a high severity vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA). The vulnerability could allow an unauthenticated, remote attacker to impersonate a VA. Cisco has released software updates that address this vulnerability [1].</p><h2 id=\"technical-details\">Technical Details</h2><p><strong>CVE-2022-20773 (CVSS Score: Base 7.5)</strong></p><p>This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. SSH is not enabled by default on the Umbrella VA [1].</p><p>There was no known public exploit of this vulnerability at the time the advisory was released.</p><h2 id=\"products-affected\">Products Affected</h2><p>This vulnerability affects the Cisco Umbrella Virtual Appliance for both VMware ESXi and Hyper-V running a software version earlier than 3.3.2.</p><h2 id=\"recommendations\">Recommendations</h2><p>According to Cisco, the recommended action depends on the product version:</p><ul><li>Cisco Umbrella Virtual Appliance 3.2 and earlier should migrate to a fixed release.</li><li>Cisco Umbrella Virtual Appliance 3.3 should update to 3.3.2.</li></ul><h3 id=\"workarounds\">Workarounds</h3><p>There are no workarounds that address this vulnerability.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}