---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'Cisco Umbrella Virtual Appliance Vulnerability'
version: '1.0'
number: '2022-030'
date: 'April 22, 2022'
---

_History:_

* _22/04/2022 --- v1.0 -- Initial publication_

# Summary

On the 20th of April, Cisco released a security advisory about a high-severity vulnerability in the key-based SSH authentication mechanism of the Cisco Umbrella Virtual Appliance (VA). The vulnerability could allow an unauthenticated, remote attacker to impersonate a VA. Cisco has released software updates that address this vulnerability [1].

# Technical Details

**CVE-2022-20773 (CVSS Score: Base 7.5)**

This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. SSH is not enabled by default on the Umbrella VA [1].

There was no known public exploit of this vulnerability at the time the advisory was released.
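The following inventory check is an added example, not code from Cisco or CERT-EU. It assumes that "static" means the same host key is present on every affected VA, so identical fingerprints across appliances in `ssh-keyscan`-style output mark hosts that still present a shared key. The function names, addresses and key blobs are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(scan_text: str) -> dict:
    """Return {fingerprint: [hosts]} for every key presented by 2+ entries.

    Input lines follow ssh-keyscan / known_hosts layout: "<hosts> <type> <base64>".
    """
    hosts_by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, marker or malformed line
        try:
            fp = fingerprint(fields[2])
        except ValueError:  # binascii.Error: blob is not valid base64
            continue
        hosts_by_fp[fp].add(fields[0])  # "host,ip" aliases stay one entry
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}


def sample_blob(label: bytes) -> str:
    """Constructed placeholder standing in for a real key blob."""
    return base64.b64encode(label).decode()


# Constructed scan output: documentation-range addresses, placeholder keys.
SAMPLE_SCAN = "\n".join([
    "# constructed ssh-keyscan output",
    f"192.0.2.10 ssh-rsa {sample_blob(b'placeholder-key-A')}",
    f"192.0.2.11 ssh-rsa {sample_blob(b'placeholder-key-A')}",
    f"192.0.2.12 ssh-rsa {sample_blob(b'placeholder-key-B')}",
    f"192.0.2.12 ssh-ed25519 {sample_blob(b'placeholder-key-C')}",
    "192.0.2.13 ssh-rsa not*base64",
])

if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} presented by: {', '.join(hosts)}")
```

A host that legitimately offers several key types, such as 192.0.2.12 in the sample, is not flagged; only a fingerprint seen on more than one entry is reported.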

# Products Affected

This vulnerability affects the Cisco Umbrella Virtual Appliance for both VMware ESXi and Hyper-V running a software version earlier than 3.3.2.

# Recommendations

Cisco advises the following, depending on the version of the product:

- Cisco Umbrella Virtual Appliance 3.2 and earlier should migrate to a fixed release.
- Cisco Umbrella Virtual Appliance 3.3 should update to 3.3.2.

## Workarounds

There are no workarounds that address this vulnerability.

# References

[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c>