PT-2023-10639 · Rapid7 · Nexpose+1

Ken Mizota

·

Published

2023-01-12

·

Updated

2025-04-08

·

CVE-2017-5242

CVSS v3.1

7.7

High

Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Nexpose virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017
InsightVM virtual appliances versions downloaded between April 5th, 2017 and May 3rd, 2017

Description

The issue concerns Nexpose and InsightVM virtual appliances that were downloaded between April 5th, 2017 and May 3rd, 2017. These appliances contain identical SSH host keys, which is unusual because a unique SSH host key should be generated the first time a virtual appliance boots.

Recommendations

For Nexpose virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017, consider regenerating the SSH host key to ensure uniqueness. For InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017, consider regenerating the SSH host key to ensure uniqueness. As a temporary workaround, restrict access to the SSH service until a unique SSH host key can be generated.

Fix

Use of Insufficiently Random Values


Weakness Enumeration

Related identifiers

CVE-2017-5242

Affected products

InsightVM
Nexpose