CVE-2019-1589 — Sensitive Information Exposure in Cisco Nx-os Software FOR Nexus 9000 Series Fabric Switches ACI Mode

CWE-200 — Sensitive Information Exposure CWE-311 — Missing Encryption of Sensitive Data4 documents4 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 87.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os Software FOR Nexus 9000 Series Fabric Switches ACI Mode Cisco Nx-os

Timeline

PublishedMay 3

Latest updateMay 24

Description

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerabi…

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_nx-os_software_for_nexus_9000_series_fabric_switches_aci_mode8.3(0)SK(0.39)

▶NVDcisco/nx-os8.3\(0\)sk\(0.39\)

🔴Vulnerability Details

GHSA

GHSA-6vcw-rc44-857p: A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infr↗2022-05-24

▶

CVEList

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability↗2019-05-03

▶

📋Vendor Advisories

Cisco

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability↗2019-05-01

▶