CVE-2021-40119
PUBLISHED
CVSS 9.8 CRITICAL
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
EPSS 7.64% · 92.0th percentile
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
7.64%
92.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | policy_suite | 0 |
| Cisco | Cisco Policy Suite (CPS) Software | n/a |
Exploit Intelligence
Timeline
- Nov 3, 2021 CVE Published
- Nov 5, 2021 EPSS Score
- Dec 31, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 24, 2022 EPSS Score
- Apr 21, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 26, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 17, 2023 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-catpon-multivulns-CE3DSYGr advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-switches-tokens-UzwpR4e5 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-40119 advisory