Cisco has released a security advisory warning of SSH problems in three of its enterprise products, including one designed for security management.
The affected products are the Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv) and Security Management Virtual Appliance (SMAv).
Cisco explained that the systems are vulnerable because of the preinstalled SSH encryption keys.
"A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv and Cisco SMAv Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user," said the Cisco advisory.
"The vulnerability is due to the presence of a default authorised SSH key that is shared across all the installations of WSAv, ESAv and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv or SMAv."
Exploitation of the flaws could allow an "unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliance".
The firm has urged customers to install the updates as soon as possible.
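The advisory's root cause, one authorised SSH key present on every installation, can be checked for in any fleet by fingerprinting each host's authorized_keys entries and flagging keys that recur. The following is an added example, not Cisco's code or part of the original article; the host names and key material are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def iter_key_blobs(authorized_keys_text):
    """Yield the decoded public-key blob of every valid authorized_keys entry."""
    for line in authorized_keys_text.splitlines():
        fields = line.strip().split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type, so scan each field.
        for i in range(len(fields) - 1):
            name = fields[i].encode()
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue
            # A genuine blob begins with its own length-prefixed key type name.
            if blob.startswith(struct.pack(">I", len(name)) + name):
                yield blob
                break

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_keys(files_by_host):
    """Map fingerprint -> sorted hosts, for keys authorised on more than one host."""
    hosts = defaultdict(set)
    for host, text in files_by_host.items():
        for blob in iter_key_blobs(text):
            hosts[fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in hosts.items() if len(h) > 1}

def _sample_line(seed, comment):
    """Constructed ssh-ed25519 entry (sample bytes, not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed inventory: hypothetical host names mapped to authorized_keys contents.
SAMPLE = {
    "appliance-a": _sample_line(1, "support") + "\n" + _sample_line(2, "admin-a"),
    "appliance-b": "# vendor\n" + 'from="10.0.0.0/8" ' + _sample_line(1, "support"),
    "appliance-c": _sample_line(3, "admin-c"),
}

if __name__ == "__main__":
    print(shared_keys(SAMPLE))
```

A key that appears on hosts which should have been provisioned independently is worth tracing to its origin, whether that is an image, a template or a vendor default.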
Cisco released a security advisory earlier this year warning of a vulnerability in the company's IP phone systems that could allow an attacker to listen in to calls or make their own calls.
The problem, and the post-Edward Snowden climate, led some to question whether this was an intentional 'error'.
If Cisco did it, how many other companies also left backdoor keys on their network devices for "support reasons"? http://t.co/6E2mBMCsWT — Eric Mill (@konklone), June 28, 2015
John Chambers, who was chief executive of Cisco at the time, had already expressed concerns to president Obama about surveillance and the possibility of government over-reach.
Chambers appealed to the president for the sake of the economy, after reports about exploits in his company's hardware.
"If these allegations are true, these actions will undermine confidence in our industry and the ability of technology companies to deliver products globally," he wrote.
"Confidence in the open, global internet has brought enormous economic benefits to the US and to billions of people around the world. This confidence is being eroded by revelations of government surveillance."