CVE-2017-5242

CVE-2017-5242: Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key

Vendor Rapid7
Product Nexpose Virtual Appliance
Weakness CWE-321
Published January 12, 2023
Last update April 8, 2025

CVSS base score

What the vulnerability does

01Description

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

Key dates

02Disclosure timeline

January 12, 2023 CVE published
April 8, 2025 Record updated