Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able intercept traffic or gain access to vulnerable systems with root privileges.

In a security advisory published June 25, Cisco said that its Web Security Virtual Appliance(WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) are vulnerable due to default SSH keys which could allow an unauthenticated, remote attacker to connect to an affected system with the privileges of the root user.

The networking giant has released free softwares updates to fix the flaws and said that its physical appliances are not affected by the vulnerabilities.

Companies are moving their data and workflow over to the cloud with increasing fervor, according to new research from CloudLock.

The company’s “Cloud Cybersecurity Report: The Extended Perimeter” analyzed more than 750 million files, 77,500 apps and six million cloud users to find that, on average, every organization has 4,000 instances of exposed credentials.

The credentials were accessible across the entire company, externally, and in some cases, publicly. Furthermore, an average organization has 100,000 files containing sensitive information stored on public cloud applications.