CVE-2017-5242
Rapid7 Vulnerability Management vulnerability analysis and mitigation

Overview

CVE-2017-5242 affects Nexpose and InsightVM virtual appliances that were downloaded between April 5th, 2017 and May 3rd, 2017. The vulnerability involves identical SSH host keys being present across multiple virtual appliances, when normally each appliance should generate a unique SSH host key on first boot (Rapid7 Blog).

Technical details

The vulnerability stems from a failure in the SSH host key generation process during the initial boot of affected virtual appliances. Instead of generating unique keys, the appliances contained identical SSH host keys. This can be verified by checking the modification timestamps of SSH host key files using the command 'stat /etc/ssh/ssh_host_*' (Rapid7 Blog).

Impact

A malicious user with privileged access to one of the vulnerable virtual appliances could potentially retrieve the SSH host private key and use it to impersonate another user's vulnerable appliance. Additionally, if an attacker can capture SSH traffic between a victim's client machine and the virtual appliance, they could decrypt this traffic. However, both scenarios require the attacker to have a privileged position on the victim's network (Rapid7 Blog).

Mitigation and workarounds

Affected customers can remediate the issue by either downloading and deploying the latest virtual appliance or regenerating SSH host keys. The regeneration process involves removing existing SSH host keys, reconfiguring the OpenSSH server, and restarting the SSH service. After remediation, users will receive a 'WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!' notice when connecting via SSH, which can be resolved by running the ssh-keygen -R command (Rapid7 Blog).

This report was generated using AI.