
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2017-5242 affects Nexpose and InsightVM virtual appliances that were downloaded between April 5th, 2017 and May 3rd, 2017. The vulnerability involves identical SSH host keys being present across multiple virtual appliances, when normally each appliance should generate a unique SSH host key on first boot (Rapid7 Blog).
The vulnerability stems from a failure in the SSH host key generation process during the initial boot of affected virtual appliances. Instead of generating unique keys, the appliances contained identical SSH host keys. This can be verified by checking the modification timestamps of SSH host key files using the command 'stat /etc/ssh/ssh_host_*' (Rapid7 Blog).
A malicious user with privileged access to one of the vulnerable virtual appliances could potentially retrieve the SSH host private key and use it to impersonate another user's vulnerable appliance. Additionally, if an attacker can capture SSH traffic between a victim's client machine and the virtual appliance, they could decrypt this traffic. However, both scenarios require the attacker to have a privileged position on the victim's network (Rapid7 Blog).
Affected customers can remediate the issue by either downloading and deploying the latest virtual appliance or regenerating SSH host keys. The regeneration process involves removing existing SSH host keys, reconfiguring the OpenSSH server, and restarting the SSH service. After remediation, users will receive a 'WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!' notice when connecting via SSH, which can be resolved by running the ssh-keygen -R command (Rapid7 Blog).
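As an added example (not from the Rapid7 advisory or this page), the shell function below flags SSH host public keys that appear on more than one host in ssh-keyscan-style output, which is the condition this CVE describes. The function name, IP addresses and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report SSH host public keys shared by more than one host.
# Input (stdin) is ssh-keyscan / plain known_hosts style:
#   <host> <keytype> <base64-public-key>

# Constructed sample: key strings are placeholders, not real key material.
# 10.0.0.11 and 10.0.0.12 share keys; 10.0.0.11 is also listed twice.
SAMPLE_SCAN='# constructed ssh-keyscan output
10.0.0.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYone
10.0.0.12 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYone
10.0.0.13 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYtwo
10.0.0.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedRSAone
10.0.0.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedRSAone
10.0.0.13 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedRSAtwo
10.0.0.11 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedKEYone'

# Prints one line per shared key: "<keytype> <host1>,<host2>,..."
# Prints nothing when every host presents a unique key.
find_shared_host_keys() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }        # skip comments, blanks, malformed
        {
            key = $2 " " $3                  # key type plus public key blob
            if (!((key, $1) in seen)) {      # count each host once per key
                seen[key, $1] = 1
                hosts[key] = (count[key] ? hosts[key] "," : "") $1
                count[key]++
            }
        }
        END {
            for (key in count)
                if (count[key] > 1) {
                    split(key, part, " ")
                    print part[1], hosts[key]
                }
        }
    ' | sort
}

printf '%s\n' "$SAMPLE_SCAN" | find_shared_host_keys
```

On a live network the same function can read the output of `ssh-keyscan -t rsa,ed25519` run against your own appliance addresses. Any line it prints names hosts whose keys should be regenerated.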
Source: This report was generated using AI