CVE-2019-1731
published 2019-05-15CVE-2019-1731: A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH…
medium4.4CVSS 3.1
AVLACLPRHUINSUCHINAN
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_nx-os_software | >= unspecified < 8.3(1) | 8.3(1) |
| cisco | nx-os | < 7.0\(3\)i4\(9\) | 7.0\(3\)i4\(9\) |
| cisco | nx-os | < 6.0\(2\)a8\(10\) | 6.0\(2\)a8\(10\) |
| cisco | nx-os | < 7.3\(4\)n1\(1\) | 7.3\(4\)n1\(1\) |
| cisco | nx-os | — | — |
| cisco | nx-os | >= 7.0\(3\) < 7.0\(3\)f3\(5\) | 7.0\(3\)f3\(5\) |
| cisco | nx-os | >= 7.0\(3\)i4 < 7.0\(3\)i7\(4\) | 7.0\(3\)i7\(4\) |
| cisco | nx-os | >= 7.0\(3\)i7 < 7.0\(3\)i7\(4\) | 7.0\(3\)i7\(4\) |