CVE-2019-1804

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

Una vulnerabilidad en la gestión de claves SSH para el software Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch podría permitir que un atacante remoto no autenticado se conecte al sistema afectado con los privilegios de usuario root. La vulnerabilidad se debe a la presencia de un par de claves SSH predeterminado que está presente en todos los dispositivos. Un atacante podría explotar esta vulnerabilidad abriendo una conexión SSH vía IPv6 a un dispositivo objetivo utilizando los materiales clave extraídos. Un exploit podría permitir al atacante acceder al sistema con los privilegios del usuario root. Esta vulnerabilidad sólo es explotable sobre IPv6; IPv4 no es vulnerable.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-05-03 CVE Published
2023-03-07 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues
CWE-1188: Initialization of a Resource with an Insecure Default

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey	2021-11-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Nexus 9332pq Firmware Search vendor "Cisco" for product "Nexus 9332pq Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9332pq Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9332pq Search vendor "Cisco" for product "Nexus 9332pq"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 93180yc-ex Firmware Search vendor "Cisco" for product "Nexus 93180yc-ex Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 93180yc-ex Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93180yc-ex Search vendor "Cisco" for product "Nexus 93180yc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 93128tx Firmware Search vendor "Cisco" for product "Nexus 93128tx Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 93128tx Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93128tx Search vendor "Cisco" for product "Nexus 93128tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 93120tx Firmware Search vendor "Cisco" for product "Nexus 93120tx Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 93120tx Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93120tx Search vendor "Cisco" for product "Nexus 93120tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 93108tc-ex Firmware Search vendor "Cisco" for product "Nexus 93108tc-ex Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 93108tc-ex Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 93108tc-ex Search vendor "Cisco" for product "Nexus 93108tc-ex"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9516 Firmware Search vendor "Cisco" for product "Nexus 9516 Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9516 Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9516 Search vendor "Cisco" for product "Nexus 9516"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9508 Firmware Search vendor "Cisco" for product "Nexus 9508 Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9508 Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9508 Search vendor "Cisco" for product "Nexus 9508"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9504 Firmware Search vendor "Cisco" for product "Nexus 9504 Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9504 Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9504 Search vendor "Cisco" for product "Nexus 9504"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9500 Firmware Search vendor "Cisco" for product "Nexus 9500 Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9500 Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9500 Search vendor "Cisco" for product "Nexus 9500"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9396tx Firmware Search vendor "Cisco" for product "Nexus 9396tx Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9396tx Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396tx Search vendor "Cisco" for product "Nexus 9396tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9396px Firmware Search vendor "Cisco" for product "Nexus 9396px Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9396px Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9396px Search vendor "Cisco" for product "Nexus 9396px"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9372tx Firmware Search vendor "Cisco" for product "Nexus 9372tx Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9372tx Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372tx Search vendor "Cisco" for product "Nexus 9372tx"	-	-	Safe
Cisco Search vendor "Cisco"	Nexus 9372px Firmware Search vendor "Cisco" for product "Nexus 9372px Firmware"	14.0\(3d\) Search vendor "Cisco" for product "Nexus 9372px Firmware" and version "14.0\(3d\)"	-	Affected	in	Cisco Search vendor "Cisco"	Nexus 9372px Search vendor "Cisco" for product "Nexus 9372px"	-	-	Safe