CVE-2019-1804

EPSS 7.26%
Published 03.05.2019 17:29:00
Last modified 21.11.2024 04:37:24
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

Affected products Warnungen 0 Metrics 4 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Nexus 9332pq Firmware Version14.0(3d)

Cisco ≫ Nexus 9332pq Version-

Cisco ≫ Nexus 93180yc-ex Firmware Version14.0(3d)

Cisco ≫ Nexus 93180yc-ex Version-

Cisco ≫ Nexus 93128tx Firmware Version14.0(3d)

Cisco ≫ Nexus 93128tx Version-

Cisco ≫ Nexus 93120tx Firmware Version14.0(3d)

Cisco ≫ Nexus 93120tx Version-

Cisco ≫ Nexus 93108tc-ex Firmware Version14.0(3d)

Cisco ≫ Nexus 93108tc-ex Version-

Cisco ≫ Nexus 9516 Firmware Version14.0(3d)

Cisco ≫ Nexus 9516 Version-

Cisco ≫ Nexus 9508 Firmware Version14.0(3d)

Cisco ≫ Nexus 9508 Version-

Cisco ≫ Nexus 9504 Firmware Version14.0(3d)

Cisco ≫ Nexus 9504 Version-

Cisco ≫ Nexus 9500 Firmware Version14.0(3d)

Cisco ≫ Nexus 9500 Version-

Cisco ≫ Nexus 9396tx Firmware Version14.0(3d)

Cisco ≫ Nexus 9396tx Version-

Cisco ≫ Nexus 9396px Firmware Version14.0(3d)

Cisco ≫ Nexus 9396px Version-

Cisco ≫ Nexus 9372tx Firmware Version14.0(3d)

Cisco ≫ Nexus 9372tx Version-

Cisco ≫ Nexus 9372px Firmware Version14.0(3d)

Cisco ≫ Nexus 9372px Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7.26%	0.907

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1188 Initialization of a Resource with an Insecure Default

The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-1804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-1804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-1804

EUVD