Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-5242

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

Published

2023-01-12T22:15:09.263

Last Modified

2025-04-08T15:15:45.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-321
Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insightvm	≤ 2017-05-03	Yes

References

https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/ Mitigation, Vendor Advisory ([email protected])
https://www.rapid7.com/blog/post/2017/05/17/rapid7-nexpose-virtual-appliance-duplicate-ssh-host-key-cve-2017-5242/ Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)