Cisco Catalyst Center Static SSH Host Key Vulnerability

Vulnerability

A vulnerability in the SSH server of Cisco Catalyst Center (formerly Cisco DNA Center) allows an unauthenticated, remote attacker to impersonate the appliance. This issue is due to the presence of a static SSH host key. Affected versions include all versions prior to the fixed release; exact version numbers are not specified in the advisory [1]. The vulnerability is reachable over the network without authentication.

Exploitation

An attacker can exploit this vulnerability by performing a machine-in-the-middle (MITM) attack on SSH connections to a Cisco Catalyst Center appliance. The attacker must be positioned to intercept network traffic between SSH clients and the appliance. By exploiting the static host key, the attacker can impersonate the affected appliance and inject commands into the terminal session, as well as steal valid user credentials [1].

Impact

Successful exploitation allows the attacker to impersonate the Cisco Catalyst Center appliance, intercept SSH traffic, inject arbitrary commands into the terminal session, and steal user credentials. This compromises the confidentiality and integrity of communications and could lead to further unauthorized access to the network [1].

Mitigation

Cisco has released free software updates that address this vulnerability. Customers with service contracts should obtain fixes through their usual update channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) to obtain fixed software. No workaround is mentioned in the advisory [1]. The advisory does not list this vulnerability as part of the Known Exploited Vulnerabilities (KEV) catalog.