Cisco Policy Suite Static SSH Keys Vulnerability<p>A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the <em>root</em> user.</p>
<p>This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the <em>root</em> user.</p>
<p>Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.</p>
<p>This advisory is available at the following link:<br><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv" target="_blank" rel="noopener">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv</a></p>
Security Impact Rating: Critical
CVE: CVE-2021-40119
Source: Cisco Policy Suite Static SSH Keys Vulnerability (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Policy%20Suite%20Static%20SSH%20Keys%20Vulnerability&vs_k=1)