Cisco warns of new bug that could let hackers run off with admin credentials

No workarounds available, so organizations must patch

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

American networking giant Cisco has released apatchthat prevents threat actors from remotely stealing credentials from Umbrella Virtual Appliance (VA) administrators.

According to a security advisory published by the firm, the flaw was discovered by Pinnacol Assurance in the key-based SSH authentication mechanism.

The flaw, now tracked as CVE-2022-20773, can be leveraged by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA.

“A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA,” said Cisco.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

No real-life examples

The flaw is present in Cisco Umbrella VA for Hyper-V and VMWare ESXi on versions older than 3.3.2. There are no workarounds or mitigations, so the only way to address the issue is to install the patch.

Thankfully, Cisco has found no evidence of anyone abusing the flaw in the wild. The company also said that the SSH service is not enabled by default on Umbrella on-prem VAs, which lowers the chances of the flaw being abused.

Those unsure if SSH is enabled in their VAs should log into the hypervisor console, navigate to the configuration mode (CTRL+B), and run config via show command. If SSH is indeed enabled, the command output should include “SSH access : enabled” at the end.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Cisco Umbrella is a cloud-delivered security service, protecting more than 24,000 clients against a wide variety ofmalware,ransomwareand phishing attacks.

Late last year, the company patched two high-severity flaws in the Catalyst PON Series Switches Optical Network Terminals, which would have allowed for unauthorized root access toendpoints.

The two vulnerabilities are tracked as CVE-2021-34795 and CVE-2021-40113, with the former described as an “unintentional debugging credential”.

Whoever held the hidden credentials could get root access to the passive optical network switches, but to do that, the device needed to have Telnet support enabled, something that’s usually off by default.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report