---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Cisco Umbrella Virtual Appliance Vulnerability'
version: '1.0'
number: '2022-030'
date: 'April 22, 2022'
---

_History:_

* _22/04/2022 --- v1.0 -- Initial publication_

# Summary

On the 20th of April, Cisco released a security advisory about a high severity vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA). The vulnerability could allow an unauthenticated, remote attacker to impersonate a VA. Cisco has released software updates that address this vulnerability [1].

# Technical Details

**CVE-2022-20773 (CVSS Score: Base 7.5)**

This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. SSH is not enabled by default on the Umbrella VA [1].

There was no known public exploit of this vulnerability at the time the advisory was released.

# Products Affected

This vulnerability affects the Cisco Umbrella Virtual Appliance for both VMware ESXi and Hyper-V running a software version earlier than 3.3.2.

# Recommendations

Cisco's advice depends on the product version:

- Cisco Umbrella Virtual Appliance 3.2 and earlier should migrate to a fixed release.
- Cisco Umbrella Virtual Appliance 3.3 should update to 3.3.2.

## Workarounds

There are no workarounds that address this vulnerability.

# References

[1]
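A defender-side check for the static host key issue described under Technical Details, added here as an example and not taken from the Cisco or CERT-EU advisory: it groups hosts by SSH host key fingerprint and reports any key presented by more than one host. It assumes "static" means appliances share the same host key and that input is in `ssh-keyscan` format; the host names and key blobs are constructed placeholders.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of the digest."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_line(line: str):
    """Return (host, blob) from a 'host keytype base64' line, else None."""
    parts = line.split()
    if len(parts) < 3 or parts[0].startswith("#"):
        return None
    host, keytype, b64 = parts[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type; reject mismatches.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != keytype.encode():
        return None
    return host, blob

def shared_host_keys(lines):
    """Map fingerprint -> sorted hosts for every key presented by more than one host."""
    seen = defaultdict(set)
    for parsed in filter(None, map(parse_line, lines)):
        seen[fingerprint(parsed[1])].add(parsed[0])
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def sample_key(seed: int) -> str:
    """Constructed ed25519-shaped blob (not a real key), used only for the demo."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(blob).decode()

# Constructed scan output in ssh-keyscan format; host names are placeholders.
SAMPLE = [
    "# constructed sample",
    f"va-1.example.internal ssh-ed25519 {sample_key(1)}",
    f"va-2.example.internal ssh-ed25519 {sample_key(1)}",
    f"va-3.example.internal ssh-ed25519 {sample_key(2)}",
    "va-4.example.internal ssh-ed25519 not*base64",
]

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE).items():
        print(fp, "shared by", ", ".join(hosts))
```

A fingerprint reported for two or more appliances means a client cannot tell them apart by host key, so those hosts are candidates for the fixed release and for regenerated entries in administrators' `known_hosts` files.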