Lucene search

[email protected]NVD:CVE-2019-1804

HistoryMay 03, 2019 - 5:29 p.m.

CVE-2019-1804

2019-05-0317:29:00

CWE-310

CWE-1188

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

Affected configurations

NVD

Node

cisconexus_9332pq_firmwareMatch14.0\(3d\)

AND

cisconexus_9332pqMatch-

Node

cisconexus_93180yc-ex_firmwareMatch14.0\(3d\)

AND

cisconexus_93180yc-exMatch-

Node

cisconexus_93128tx_firmwareMatch14.0\(3d\)

AND

cisconexus_93128txMatch-

Node

cisconexus_93120tx_firmwareMatch14.0\(3d\)

AND

cisconexus_93120txMatch-

Node

cisconexus_93108tc-ex_firmwareMatch14.0\(3d\)

AND

cisconexus_93108tc-exMatch-

Node

cisconexus_9516_firmwareMatch14.0\(3d\)

AND

cisconexus_9516Match-

Node

cisconexus_9508_firmwareMatch14.0\(3d\)

AND

cisconexus_9508Match-

Node

cisconexus_9504_firmwareMatch14.0\(3d\)

AND

cisconexus_9504Match-

Node

cisconexus_9500_firmwareMatch14.0\(3d\)

AND

cisconexus_9500Match-

Node

cisconexus_9396tx_firmwareMatch14.0\(3d\)

AND

cisconexus_9396txMatch-

Node

cisconexus_9396px_firmwareMatch14.0\(3d\)

AND

cisconexus_9396pxMatch-

Node

cisconexus_9372tx_firmwareMatch14.0\(3d\)

AND

cisconexus_9372txMatch-

Node

cisconexus_9372px_firmwareMatch14.0\(3d\)

AND

cisconexus_9372pxMatch-

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for NVD:CVE-2019-1804

attackerkb1 cve1 cvelist1 nessus1 prion1 cisco1 threatpost3