CVE-2019-1731Sensitive Information Exposure in Cisco Nx-os Software

CWE-200Sensitive Information ExposureCWE-755Improper Handling of Exceptional Conditions5 documents5 sources
Severity
4.4MEDIUMNVD
EPSS
0.2%
top 60.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Nx-os SoftwareCisco Nx-os
Timeline
PublishedMay 15
Latest updateMay 24

Description

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a craf

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_nx-os_softwareunspecified8.3(1)
NVDcisco/nx-os7.0\(3\)i77.0\(3\)i7\(4\)+5

🔴Vulnerability Details

2
GHSA
GHSA-g6jr-fq7m-6v6x: A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's pr2022-05-24
CVEList
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability2019-05-15

💥Exploits & PoCs

1
Exploit-DB
BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path2019-10-17

📋Vendor Advisories

1
Cisco
Cisco NX-OS Software SSH Key Information Disclosure Vulnerability2019-05-15
CVE-2019-1731 — Sensitive Information Exposure in Cisco | cvebase