Cisco addresses a critical flaw in Nexus 9000 switches

Pierluigi Paganini May 03, 2019

Cisco released security patches to address tens of vulnerabilities in its products, including a critical vulnerability affecting Nexus 9000 switches.

Among the flaws fixed by Cisco is a critical vulnerability in Nexus 9000 switches, tracked as CVE-2019-1804, which received a CVSS score of 9.8.


The vulnerability resides in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Software and stems from the presence of a default SSH key pair in all devices.

An attacker could exploit the default SSH key pair by opening an SSH connection via IPv6 to a targeted device; in this way, the attacker would be able to connect to the system with the privileges of the root user.

“A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user,” reads the security advisory published by Cisco.

“The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.”

The flaw is not exploitable over IPv4.
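The attack path the advisory describes (a key-based SSH login as root, reachable only over IPv6) is also a detection opportunity. The following is an added example, not code from Cisco or from this article: it scans sshd-style authentication log lines and flags root logins that used public-key authentication from an IPv6 source. It assumes OpenSSH-format log lines, which the advisory does not specify for the switch itself; the sample lines are constructed.

```python
"""Flag key-based root SSH logins arriving over IPv6 in sshd-style logs.

Added example (not from the Cisco advisory or the article). Assumes OpenSSH
"Accepted <method> for <user> from <addr> port <n>" log lines; the switch's
own log format is not stated in the advisory, so adapt LOGIN_RE accordingly.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample log: one IPv4 password login, two key-based root logins
# over IPv6 (one global, one link-local with a scope id), a failed attempt,
# and a legitimate key-based admin login over IPv4.
SAMPLE_LOG = """\
May  3 10:01:12 leaf101 sshd[2211]: Accepted password for admin from 10.0.0.5 port 50122 ssh2
May  3 10:02:40 leaf101 sshd[2290]: Accepted publickey for root from 2001:db8:1::50 port 41002 ssh2: RSA SHA256:constructedfingerprint1
May  3 10:03:02 leaf101 sshd[2301]: Failed password for root from 192.0.2.9 port 51000 ssh2
May  3 10:04:55 leaf101 sshd[2377]: Accepted publickey for admin from 10.0.0.7 port 50300 ssh2: RSA SHA256:constructedfingerprint2
May  3 10:05:01 leaf101 sshd[2390]: Accepted publickey for root from fe80::1%eth0 port 40000 ssh2
"""

LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<addr>\S+) port (?P<port>\d+)"
)

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass
class Finding:
    user: str
    method: str
    source: str
    line: str


def parse_source(addr: str) -> Optional[IPAddress]:
    """Parse the source address, dropping a link-local scope id such as '%eth0'."""
    host = addr.split("%", 1)[0]
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def find_suspicious_root_logins(log_text: str) -> List[Finding]:
    """Return successful logins matching the advisory pattern:
    user root, public-key authentication, IPv6 source."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a successful-login record
        ip = parse_source(m["addr"])
        if ip is None:
            continue  # unparseable address; leave for manual review
        if m["user"] == "root" and m["method"] == "publickey" and ip.version == 6:
            findings.append(Finding(m["user"], m["method"], m["addr"], line))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_root_logins(SAMPLE_LOG):
        print(f"ALERT root publickey login over IPv6 from {f.source}: {f.line}")
```

In the constructed sample, only the two IPv6 root logins are reported; the IPv4 logins and the failed attempt are ignored. A real deployment would feed the function from the switch's syslog export and would also baseline which IPv6 sources are expected to reach the management plane at all.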

The flaw affects Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode running Cisco NX-OS software releases prior to 14.1(1i).

Users have to install the software update released by Cisco to address the flaw; no workaround is known.
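Since the only remediation is upgrading to 14.1(1i) or later, the practical check is comparing each ACI-mode switch's running release against that threshold. The following is an added example, not Cisco's code: it parses release strings in the major.minor(maintenance+letter) form the advisory uses and triages a constructed inventory. It assumes the trailing letter orders alphabetically within a maintenance number (an assumption about Cisco's numbering, not something the advisory states), and it only applies to switches running in ACI mode, as the article describes.

```python
"""Triage ACI-mode Nexus 9000 releases against the first fixed release, 14.1(1i).

Added example, not Cisco's code. Assumes release strings look like "14.1(1i)"
and that the trailing letter sorts alphabetically within a maintenance number
(assumption; the advisory only names the fixed release).
"""
import re
from typing import Dict, Tuple

FIXED_RELEASE = "14.1(1i)"  # from the advisory: releases prior to this are affected

# major.minor(maintenance[letter]) e.g. 14.1(1i), 13.2(5f), 14.1(2g)
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*$")

ReleaseKey = Tuple[int, int, int, str]


def parse_release(text: str) -> ReleaseKey:
    """Turn '14.1(1i)' into (14, 1, 1, 'i') so tuples compare in release order."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, maint, letter = m.groups()
    return int(major), int(minor), int(maint), letter


def is_affected(running: str, fixed: str = FIXED_RELEASE) -> bool:
    """True when the running release sorts before the first fixed release."""
    return parse_release(running) < parse_release(fixed)


def triage(inventory: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Classify each device as 'affected', 'fixed', 'not-aci' or 'unknown'.

    inventory maps device name -> {'mode': 'aci'|'nxos', 'release': '<string>'}.
    Only ACI-mode switches are in scope for this advisory.
    """
    result: Dict[str, str] = {}
    for name, info in inventory.items():
        if info.get("mode") != "aci":
            result[name] = "not-aci"
            continue
        try:
            result[name] = "affected" if is_affected(info["release"]) else "fixed"
        except (KeyError, ValueError):
            result[name] = "unknown"  # missing or unparseable release string
    return result


# Constructed inventory, not real devices.
SAMPLE_INVENTORY = {
    "leaf101": {"mode": "aci", "release": "13.2(5f)"},
    "leaf102": {"mode": "aci", "release": "14.1(1i)"},
    "leaf103": {"mode": "aci", "release": "14.1(1h)"},
    "spine201": {"mode": "aci", "release": "14.1(2g)"},
    "core1": {"mode": "nxos", "release": "9.2(3)"},
    "leaf104": {"mode": "aci", "release": "n/a"},
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device:9} {status}")
```

Devices marked "unknown" need the release confirmed by hand rather than being assumed safe; a parser failure on an inventory field is a common way for an affected box to slip through a patch sweep.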

The good news is that Cisco is not aware of the exploitation of the vulnerability in attacks in the wild.

Cisco also addressed over 20 High severity vulnerabilities affecting the Web Security Appliance (WSA), Umbrella Dashboard, Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, RV320 and RV325 routers, IP Phone 7800 and 8800 Series, Application Policy Infrastructure Controller (APIC) software, and the Nexus 9000 switches.

The list of flaws includes privilege escalation issues, denial of service vulnerabilities and session hijacking bugs.


Pierluigi Paganini

(SecurityAffairs – Cisco Nexus 9000, hacking)
