Cisco Fresh Security Update Addresses Static SSH Host Key Vulnerability
The vulnerability tracked as CVE-2022-20773 has been discovered by Fraser Hess of Pinnacol Assurance. The flaw was hidden within the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance. That allowed attackers to perform a man-in-the-middle attack on an SSH connection to the Umbrella VA, which would result in the threat actor gaining admin credentials, according to Cisco. Cisco has released a security update that addresses this issue. Read more...