Loadbalancer.org Enterprise VA 7.5.2 Static SSH Key

Summary
Loadbalancer.org Enterprise VA 7.5.2 contains a default SSH private key
Impact
A remote attacker can exploit this issue to gain unauthorized root access to affected devices. Successfully exploiting this issue allows attackers to completely compromise the devices.
Solution
Upgrade to version 7.5.3 or newer
Insight
Loadbalancer.org Enterprise VA versions 7.5.2 and below come with a static public and private key installed for their appliances. When the keys are regenerated, it fails to remove the public key from the authorized_keys2 file, allowing anyone to use the private default key for access.
Affected
Loadbalancer.org Enterprise VA versions 7.5.2 and below
Detection
Try to login as root using the known static private key
References