Petronella Blog Archive

Default Settings in Cisco Products Make Them Hackable

Cisco reported that default SSH keys in its software have left a number of its products open to a serious cyberattack.

There are two kinds of vulnerability: a default SSH key vulnerability and a default SSH host keys vulnerability. The vulnerabilities are in the Web Security Virtual Appliance, Email Security Virtual Appliance and Security Management Virtual Appliance. They are live on products that are already in use and there is no workaround for them, but patches are available and it is recommended that they be applied as soon as possible.

The vulnerability stems from a default SSH key being used in the products listed above. It would allow a hacker to take control of a system with root access and to access and decrypt secured communications.