← Back

CVE-2019-1804

nvd nist
Published: May 3, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

Affected (13)

Cisco
13 products
Nexus 9332pq Firmware
Nexus 93180yc Ex Firmware
Nexus 93128tx Firmware
Nexus 93120tx Firmware
Nexus 93108tc Ex Firmware
Nexus 9516 Firmware
Nexus 9508 Firmware
Nexus 9504 Firmware
Nexus 9500 Firmware
Nexus 9396tx Firmware
Nexus 9396px Firmware
Nexus 9372tx Firmware
Nexus 9372px Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9332pq Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9332pq
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 93180yc Ex Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 93180yc Ex
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 93128tx Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 93128tx
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 93120tx Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 93120tx
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 93108tc Ex Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 93108tc Ex
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9516 Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9516
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9508 Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9508
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9504 Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9504
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9500 Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9500
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9396tx Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9396tx
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9396px Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9396px
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9372tx Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9372tx
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nexus 9372px Firmware
Version 14.0(3d)
Running on/withPlatform Versions
Cisco
Nexus 9372px
All versions

Related CWEs

CWE-1188
Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
CWE-310
CWE-310

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.