CVE-2019-1890 — Improper Access Control in Cisco Nx-os System Software IN ACI Mode 11.0.1b

CWE-284 — Improper Access Control5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 72.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Nx-os System Software IN ACI Mode 11.0.1b Cisco Application Policy Infrastructure Controller

Timeline

PublishedJul 4

Latest updateMay 24

Description

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulner…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDcisco/application_policy_infrastructure_controller7.3\(0\)zn\(0.113\)

▶CVEListV5cisco/cisco_nx-os_system_software_in_aci_mode_11.0.1bunspecified — 14.1(2g)

🔴Vulnerability Details

GHSA

GHSA-6gv5-cvcq-3x2c: A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mod↗2022-05-24

▶

CVEList

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability↗2019-07-04

▶

📋Vendor Advisories

Cisco

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability↗2019-07-03

▶

💬Community

Bugzilla

CVE-2018-1890 IBM JDK: local privilege escalation via insecure RPATHs↗2019-03-05

▶