Networking giant Cisco published an advisory on 21 April describing an SSH key vulnerability in the Cisco Umbrella Virtual Appliance (VA). The vulnerability, tracked as CVE-2022-20773, is rated high severity with a CVSS score of 7.5 out of 10. It allows an unauthenticated, remote attacker to impersonate a VA and steal administrator credentials. Because the flaw can lead to admin credential theft, it is worth understanding and addressing as soon as possible. Let’s see how to fix the SSH key vulnerability in Cisco Umbrella Virtual Appliance in this post.
About Cisco Umbrella Virtual Appliance:
Cisco Umbrella is a cloud-based security platform that provides a first line of defense against threats on the internet. It uses a combination of DNS filtering, URL filtering, and IP reputation to block requests to malicious websites and stop malware from infecting devices. Cisco Umbrella also provides insight into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from. It is easy to set up and manage, and it works with any Internet connection or device. It is also compatible with most well-known virtualization and cloud platforms: the VMware ESX/ESXi, Windows Hyper-V, and KVM hypervisors, and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services clouds.
Here are some of the key features of Cisco Umbrella:
- DNS filtering: Cisco Umbrella uses DNS to block requests to malicious websites and stop malware from infecting devices.
- URL filtering: Cisco Umbrella blocks requests to known malicious websites.
- IP reputation: Cisco Umbrella checks the reputation of IP addresses to determine whether they are associated with malicious activity.
- Visibility: Cisco Umbrella provides insight into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from.
- Easy to set up and manage: Cisco Umbrella works with any Internet connection or device.
- Cloud-based security: Cisco Umbrella is delivered as a cloud service that provides a first line of defense against threats on the internet.
Summary Of CVE-2022-20773:
This vulnerability lies in the key-based SSH authentication of the Cisco Umbrella Virtual Appliance. It allows an unauthenticated, remote attacker to impersonate a VA and steal administrator credentials.
The Advisory says, “This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA.”
By Cisco
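To see why a static host key matters in practice, here is an added example (not Cisco’s code and not taken from the advisory) that flags SSH host keys presented by more than one appliance. It reads lines in the `ssh-keyscan` / `known_hosts` format and computes the same SHA256 fingerprint that `ssh-keygen -lf` prints; a fingerprint that appears on several hosts means those hosts share a host key, which is exactly the condition the advisory describes. The host names and key blobs are constructed for the example and are not real Umbrella keys.

```python
"""Flag SSH host keys that more than one appliance presents.

Added example, not Cisco's code: a static host key means every appliance
ships the same key, so the defender's check is to collect host keys from the
fleet (e.g. `ssh-keyscan -t ed25519 host1 host2 ...`) and look for a
fingerprint that appears on more than one host. Host names and key blobs
below are constructed for the example and are not real Umbrella keys.
"""
from __future__ import annotations

import base64
import hashlib
from collections import defaultdict


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


# Constructed sample in ssh-keyscan / known_hosts format: "host keytype base64blob".
# Two appliances present the same blob; the jump host has its own key.
SAMPLE_KEYSCAN = "\n".join([
    "# ssh-keyscan output (constructed)",
    f"va1.example.internal ssh-ed25519 {_b64(b'constructed shared key blob')}",
    f"va2.example.internal ssh-ed25519 {_b64(b'constructed shared key blob')}",
    f"jump.example.internal ssh-ed25519 {_b64(b'constructed unique key blob')}",
    "",
])


def fingerprint(b64_blob: str) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints: base64 digest, no padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_keyscan(text: str) -> dict[str, list[tuple[str, str]]]:
    """Map fingerprint -> [(host, keytype), ...], skipping comments and malformed lines."""
    by_fp: dict[str, list[tuple[str, str]]] = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):      # known_hosts markers such as @cert-authority
            parts = parts[1:]
        if len(parts) < 3:
            continue
        host, keytype, blob = parts[0], parts[1], parts[2]
        try:
            fp = fingerprint(blob)
        except ValueError:                 # not valid base64: skip rather than crash
            continue
        by_fp[fp].append((host, keytype))
    return dict(by_fp)


def shared_host_keys(text: str) -> dict[str, list[str]]:
    """Fingerprints presented by more than one host, with the sorted host list for each."""
    return {
        fp: sorted(host for host, _ in entries)
        for fp, entries in parse_keyscan(text).items()
        if len(entries) > 1
    }


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_KEYSCAN).items():
        print(f"shared host key {fp} on: {', '.join(hosts)}")
```

Run it against the real output of `ssh-keyscan` across your appliances; any fingerprint listed with two or more hosts is worth investigating, since a key shared by multiple appliances gives a man-in-the-middle position the same leverage the advisory describes.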
| Field | Value |
|---|---|
| Associated CVE ID | CVE-2022-20773 |
| Description | An SSH Key Vulnerability in Cisco Umbrella Virtual Appliance |
| Associated ZDI ID | – |
| CVSS Score | 7.5 High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | High |
| Privilege Required (PR) | None |
| User Interaction (UI) | Required |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (A) | High |
Products Affected By CVE-2022-20773:
The flaw affects Cisco Umbrella Virtual Appliance releases earlier than 3.3.2. Check the version of every Cisco Umbrella Virtual Appliance you run on VMware ESXi and Hyper-V and fix the SSH key vulnerability where needed.
How to Check the Version of Cisco Umbrella Virtual Appliance?
There are two ways to get the version info in Cisco Umbrella Virtual Appliance: 1. CLI Command, and 2. Dashboard
1. CLI Command:
Log in to the Virtual Appliance CLI, then type the ‘version’ command. That’s it.
$ version
2. Dashboard:
Navigate to Deployments > Configuration > Sites and Active Directory on the Umbrella Dashboard to see the version info. You can also get the version info from the VMware or Hyper-V console.
How To Fix The SSH Key Vulnerability In Cisco Umbrella Virtual Appliance- CVE-2022-20773?
Cisco recommends upgrading Cisco Umbrella Virtual Appliance to v3.3.2 or later. For those looking for a temporary workaround, there is disappointing news: there is no workaround for the SSH key vulnerability as long as SSH is in use. If SSH access is not required, you can turn it off.
Note: SSH is disabled by default. If you want to confirm whether the SSH service is enabled, run this command:
$ config va show
You will see output like the following; in this example, SSH is enabled.
~ $ config va show
Virtual Appliance Configuration
Name:
Local DNS -
ip address :
DNSSEC : disabled
Internal Domains Count: 0
Resolvers: 208.67.220.220 208.67.222.222
SSH access : enabled
If you want to disable SSH access, run this command:
$ config va ssh disable
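The two checks above (the release reported by `version` and the SSH state reported by `config va show`) can be turned into a repeatable fleet triage. The following Python is an added example, not Cisco’s code: it assumes you have captured the text each appliance prints for `version` and `config va show` (for instance from the hypervisor console) and uses the fixed release 3.3.2 named in this post. The sample output is constructed, modelled on the format shown above. Versions are compared as integer tuples, so a hypothetical 3.10.0 correctly compares greater than 3.3.2 where a plain string compare would not.

```python
"""Triage Cisco Umbrella VA exposure to CVE-2022-20773 from captured CLI output.

Added example, not Cisco's code. It assumes you have captured the text that the
VA prints for `version` and `config va show` (e.g. from the hypervisor console)
and want the same verdict for every appliance in a fleet. The fixed release
3.3.2 is the one named in this post; the sample output is constructed.
"""
from __future__ import annotations

import re

FIXED_RELEASE = (3, 3, 2)

# Constructed `config va show` output, modelled on the format shown in the post.
SAMPLE_CONFIG_SHOW = """\
Virtual Appliance Configuration
Name: va-branch-01
Local DNS -
ip address : 10.0.0.53
DNSSEC : disabled
Internal Domains Count: 0
Resolvers: 208.67.220.220 208.67.222.222
SSH access : enabled
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the first dotted version from `version` output as an int tuple.

    Accepts '3.3.1', 'Version: 3.3.1' or '3.3.1-build42'; trailing build tags are ignored.
    """
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_fixed(version: tuple[int, ...]) -> bool:
    """Integer-tuple compare: (3, 10, 0) > (3, 3, 2), which a string compare gets wrong."""
    return version >= FIXED_RELEASE


def ssh_enabled(config_show: str) -> bool:
    """Read the 'SSH access : enabled|disabled' line from `config va show` output."""
    m = re.search(r"^\s*SSH access\s*:\s*(enabled|disabled)\s*$",
                  config_show, re.IGNORECASE | re.MULTILINE)
    if not m:
        raise ValueError("no 'SSH access' line in config va show output")
    return m.group(1).lower() == "enabled"


def triage(name: str, version_out: str, config_show: str) -> dict[str, object]:
    """Combine version and SSH state into a per-appliance verdict and next action."""
    version = parse_version(version_out)
    ssh = ssh_enabled(config_show)
    vulnerable = not is_fixed(version)
    if not vulnerable:
        action = "none: running a fixed release"
    elif ssh:
        action = "upgrade to 3.3.2; until then run 'config va ssh disable' if SSH is not needed"
    else:
        action = "upgrade to 3.3.2; SSH is already disabled"
    return {
        "appliance": name,
        "version": ".".join(map(str, version)),
        "vulnerable": vulnerable,
        "ssh_enabled": ssh,
        "action": action,
    }


if __name__ == "__main__":
    print(triage("va-branch-01", "3.3.1", SAMPLE_CONFIG_SHOW))
```

Feed each appliance’s captured output through `triage` and act on the `action` field; an appliance on a fixed release needs nothing further regardless of its SSH setting, while a vulnerable appliance with SSH enabled is the one to prioritise.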
Other useful commands to know:
config va status
config va name <New name for the VA>
config va interface <interface name> <ip address> <subnet mask> <gateway>
config va interface6 <interface name> <IPv6 address/prefix> <IPv6 gateway>
config va show
config va ssh enable
config va dmz enable
config va dnssec enable
config va per-ip-rate-limit enable <packets/sec> <burst rate>
How To Fix CVE-2022-20773, An SSH Key Vulnerability In Cisco Umbrella Virtual Appliance?
The best and permanent way to fix the SSH key vulnerability in Cisco Umbrella Virtual Appliance is to upgrade it to v3.3.2.
| Cisco Umbrella Virtual Appliance | First Fixed Release |
|---|---|
| 3.2 and earlier | Migrate to a fixed release. |
| 3.3 | 3.3.2 |
Upgrading Cisco Umbrella Virtual Appliance to v3.3.2 is the recommended approach to fix the SSH key vulnerability. Let’s see how to perform this upgrade in simple steps.
There are two different ways to do this upgrade:
- Auto Upgrade
- Manual Upgrade
How To Upgrade Cisco Umbrella Virtual Appliances?
- Whitelist these two domains in the firewall
  These two domains must be reachable from your Cisco Umbrella Virtual Appliances so they can download updates from the public Umbrella servers:
  * 443 (TCP) to disthost.opendns.com
  * 443 (TCP) to disthost.umbrella.com
- Check the version info in the Umbrella Dashboard
  Log in to the console and navigate to Deployments > Configuration > Sites and Active Directory. Note the version of the Cisco Umbrella VA under ‘Version’.
- Upgrade Cisco Umbrella Virtual Appliance
  Click the alert symbol and then the Upgrade button to start the upgrade process.
- Set auto-upgrade on Cisco Umbrella Virtual Appliance
  1. Navigate to Deployments > Configuration > Sites and Active Directory.
  2. Click Settings and then the Auto-Update tab.
  3. Schedule the auto-upgrade by setting a Day and Time Range, then click Set to enable auto-upgrade.
We hope this post helps you fix the SSH key vulnerability in Cisco Umbrella Virtual Appliance. Please share this post and help secure the digital world.