CVE-2022-20773

A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.
Configurations

Configuration 1

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

Information

Published : 2022-04-21 07:15

Updated : 2022-05-04 06:58


NVD link : CVE-2022-20773

Mitre link : CVE-2022-20773

Products Affected
No products.
CWE