If a Cisco Umbrella Virtual Appliance (VA) customer has enabled SSH, they need to patch it against a credential-stealing vulnerability.
The company disclosed the bug in this notice, saying it could allow an attacker to impersonate a VA.
Cisco says Umbrella is used by 24,000 organisations, providing DNS-level security against “malicious and unwanted domains, IP addresses, and cloud applications” before a user connects to them.
An unpatched system has a static SSH host key. The vendor explained that if an attacker performed a man-in-the-middle attack on an SSH connection to the Umbrella VA, they could “learn the administrator credentials, change configurations, or reload the VA”.
The vulnerability has been assigned CVE-2022-20773, and because it’s only present in non-default configurations, it has a Common Vulnerability Scoring System rating of high, at 7.5.
It affects VAs for VMWare ESXi and Hyper-V in versions earlier than 3.3.2, and customers are also advised to check whether SSH is running.
Cisco says it’s not aware of any exploits of the vulnerability, and attributed discovery of the bug to Fraser Hess of Pinnacol Assurance.