CVE-2019-1804
published 2019-05-03CVE-2019-1804: A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.48%
87.6th percentile
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_nx-os_software_for_nexus_9000_series_fabric_switches_aci_mode_11.0.1b | >= unspecified < n/a | n/a |
| cisco | nexus_9000_series_fabric_switches_application_centric_infrastructure_mode_defaul | — | — |
| cisco | nexus_93108tc-ex_firmware | — | — |
| cisco | nexus_93120tx_firmware | — | — |
| cisco | nexus_93128tx_firmware | — | — |
| cisco | nexus_93180yc-ex_firmware | — | — |
| cisco | nexus_9332pq_firmware | — | — |
| cisco | nexus_9372px_firmware | — | — |
| cisco | nexus_9372tx_firmware | — | — |
| cisco | nexus_9396px_firmware | — | — |
| cisco | nexus_9396tx_firmware | — | — |
| cisco | nexus_9500_firmware | — | — |
| cisco | nexus_9504_firmware | — | — |
| cisco | nexus_9508_firmware | — | — |
| cisco | nexus_9516_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit traffic is exclusively over IPv6 (SSH); IPv4 connections cannot be used to exploit this vulnerability — monitor for unexpected inbound IPv6 SSH connections to Nexus 9000 ACI-mode switches ↗
- →Exploitation involves opening an SSH connection using extracted default key materials; detect SSH authentication successes using key-based auth from unexpected/external sources on Nexus 9000 ACI-mode devices ↗
- →Successful exploitation grants root-level access; alert on SSH sessions authenticated as root on Nexus 9000 ACI-mode switches ↗
- ·The vulnerable default SSH key pair is present in ALL Cisco Nexus 9000 Series ACI-mode devices; any unpatched device shares the same key material, making the default key itself the attack primitive ↗
- ·No workarounds exist; only the vendor-released software update remediates the vulnerability (Cisco Bug ID: CSCvo80686) ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9hxx-97w4-fh95: A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an
ghsa_unreviewed·2022-05-24
CVE-2019-1804 [CRITICAL] CWE-1188 GHSA-9hxx-97w4-fh95: A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.
Cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
vendor_cisco·2019-05-01·CVSS 9.8
CVE-2019-1804 [CRITICAL] CWE-310 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.
The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.
Cisco has released softwa
Cisco
Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-1804 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
CVE-2019-1804: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. Cisco has re
No detection rules found.
2019-05-03
Published