CVE-2019-1590Improper Certificate Validation in Cisco Nx-os Software FOR Nexus 9000 Series Fabric Switches ACI Mode

CWE-295Improper Certificate Validation5 documents5 sources
Severity
8.1HIGHNVD
EPSS
0.7%
top 28.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os Software FOR Nexus 9000 Series Fabric Switches ACI ModeCisco Nx-os
Timeline
PublishedMay 3
Latest updateMay 24

Description

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

NVDcisco/nx-os14.1\(0.90\), 8.3\(0\)sk\(0.39\)+1

🔴Vulnerability Details

2
GHSA
GHSA-9fr7-cq74-hp3w: A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructu2022-05-24
CVEList
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability2019-05-03

📋Vendor Advisories

1
Cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability2019-05-01

💬Community

1
Bugzilla
CVE-2019-10432 jenkins-2-plugins: Stored XSS vulnerability in HTML Publisher Plugin2019-10-22
CVE-2019-1590 — Improper Certificate Validation | cvebase