• Home
  • |
  • Blog
  • |
  • How To Fix The SSH Key Vulnerability In Cisco Umbrella Virtual Appliance- CVE-2022-20773?
How to Fix the SSH Key Vulnerability in Cisco Umbrella Virtual Appliance- CVE-2022-20773

The network appliances manufacturer giant Cisco published an advisory on 21at April in which Cisco detailed about an SSH Key vulnerability in Cisco Umbrella Virtual Appliance. The vulnerability tracked as CVE-2022-20773 is a high severity vulnerability with a CVSS score of 7.5 out of 10. The flaw allows an unauthenticated, remote attacker to impersonate a VA and steal admin credentials. Since this flaw poses an admin credential theft threat, it is good to be aware of this flaw and address it as soon as possible. Let’s see how to fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance in this post.

About Cisco Umbrella Virtual Appliance:

Cisco Umbrella is a cloud-based security platform that provides the first line of defense against threats on the internet. Cisco Umbrella uses a combination of DNS filtering, URL filtering, and IP reputation to block requests to malicious websites and stop malware from infecting devices. Cisco Umbrella also provides insights into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from. Cisco Umbrella is easy to set up and manage, and it works with any Internet connection or device. It is also compatible with most of the will known Virtualization and cloud platforms such as VMWare ESX/ESXi, Windows Hyper-V, and KVM hypervisors and the Microsoft Azure, Google Cloud Platform, and Amazon Web Services cloud platforms.

Here are some of the key features of Cisco Umbrella:

  1. DNS filtering: Cisco Umbrella uses DNS to block requests to malicious websites and stop malware from infecting devices. Cisco Umbrella provides insights into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from.
  2. URL filtering: Cisco Umbrella blocks requests to known malicious websites and stops malware from infecting devices. Cisco Umbrella also provides insights into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from.
  3. IP reputation: Cisco Umbrella checks the reputation of IP addresses to determine if they are associated with malicious activity. Cisco Umbrella also provides insights into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from.
  4. Easy to set up and manage: Cisco Umbrella is easy to set up and manage, and it works with any Internet connection or device.
  5. Cloud-based security: Cisco Umbrella is a cloud-based security platform that provides the first line of defense against threats on the internet. Cisco Umbrella uses a combination of DNS filtering, URL filtering, and IP reputation to block requests to malicious websites and stop malware from infecting devices. Cisco Umbrella also provides insights into internet activity so that you can see which sites are being visited, what type of traffic is being generated, and where potential threats are coming from. Cisco Umbrella is easy to set up and manage, and it works with any Internet connection or device.

Summary Of CVE-2022-20773:

This is a vulnerability liece in the Key-based authentication in Cisco Umbrella Virtual Appliance. This flaw allows an unauthenticated, remote attacker to impersonate a VA and steal admin credentials.

The Advisory says, “This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA.”

By Cisco
Associated CVE IDCVE-2022-20773
DescriptionA SSH Key Vulnerability in Cisco Umbrella Virtual Appliance
Associated ZDI ID
CVSS Score7.5 High
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)High
Privilege Required (PR)None
User Interaction (UI)Required
ScopeUnchanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

Products Affected By CVE-2022-20773:

The flaw affects the Cisco Umbrella Virtual Appliance version earlier than 3.3.2. Please check the version of your Cisco Umbrella Virtual Appliance running on VMWare ESXi and Hyper-V and fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance.

How to Check the Version of Cisco Umbrella Virtual Appliance?

There are two ways to get the version info in Cisco Umbrella Virtual Appliance: 1. CLI Command, and 2. Dashboard

1. CLI Command:

Login to the Virtual Appliance CLI, then type the ‘version’ command. That’s it.

$ version

2. Dashboard:

Navigate to Deployments > Configuration > Sites and Active Directory on the Umbrella Dashboard to see the version info. Or you can also get the version info from the VMWare or Hypervisor console as well.

How To Fix The SSH Key Vulnerability In Cisco Umbrella Virtual Appliance- CVE-2022-20773?

Cisco recommends upgrading Cisco Umbrella to v3.3.2 or greater. Well, there is a disappointment for those who are looking at a temporary workaround. There are no workarounds to fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance as long as you use the SSH authentication. If the SSH authentication is not mandatory, then you can turn the SSH authentication off.

Note: SSH is disabled by default. However, if You want to confirm whether the SSH service is enabled, try this command:

$ config va show 

You will see a output like this: In this example, the SSH is enabled.

~ $ config va show
            Virtual Appliance Configuration
                Name:
                Local DNS -
                    ip address :
                    DNSSEC     : disabled
                Internal Domains Count: 0
                Resolvers: 208.67.220.220 208.67.222.222
                SSH access : enabled

If you want to disable the SSH authentication, try this command.

$ config va ssh disable

Other useful commands to know:

config va status
config va name <New name for the VA>
config va interface <interface name> <ip address> <subnet mask> <gateway>
config va interface6 <interface name> <IPv6 address/prefix> <IPv6 gateway>
config va show
config va ssh enable
config va dmz enable
config va dnssec enable
config va per-ip-rate-limit enable <packets/sec> <burst rate>

How To Fix CVE-2022-20773, A SSH Key Vulnerability In Cisco Umbrella Virtual Appliance?

The best and permanent way to fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance is to upgrade it to v3.3.2.

Cisco Umbrella Virtual ApplianceFirst Fixed Release
3.2 and earlierMigrate to a fixed release.
3.33.3.2

Upgrading Cisco Umbrella to v3.3.2 is the recommended approach to fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance. Let’s see how to perform this upgradation in simple steps.

First of all we would like to tell there are two different ways to do this upgradation.

  1. Auto Upgrade
  2. Manual Upgra

How To Upgrade Cisco Umbrella Virtual Appliances?

  1. Whitelist these two domains in Firewall

    These two domains must be accessible from your Cisco Umbrella Virtual Appliances to download the updates from public Umbrella server.

    * 443 (TCP) to disthost.opendns.com
    * 443 (TCP) to disthost.umbrella.com

  2. Check the version info in the Umbrella Dashboard

    Login to the Console and navigate to Deployments > Configuration > Sites and Active Directory. Note the version of the Cisco Umbrella VA under the ‘Version’.

    Check the version info in the Umbrella Dashboard

  3. Upgrade Cisco Umbrella Virtual Appliance

    Click the alert symbol and click the upgrade button to start the upgrade process.

    Upgrade Cisco Umbrella Virtual Appliance

  4. Set the Auto upgrade on Cisco Umbrella Virtual Appliance

    1. Navigate to Deployments > Configuration > Sites and Active Directory.
    2. Click Settings and then the Auto-Update tab
    3. Schedule the auto-upgrade process by setting up Day an Time Range, then click Set to enable the auto-upgrade.

    Set the Auto upgrade on Cisco Umbrella Virtual Appliance

We hope this post will help you know how to fix the SSH Key vulnerability in Cisco Umbrella Virtual Appliance in this post. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblr, & Medium and subscribe to receive updates like this. 

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.