{ "file_item": { "filepath": "security-advisories", "filename": "CERT-EU-SA2019-011.pdf" }, "title": "Cisco Critical Vulnerability Affecting Nexus 9000 Switches", "serial_number": "2019-011", "publish_date": "03-05-2019 13:53:00", "description": "A critical vulnerability affecting Nexus 9000 switches has been recently disclosed. The vulnerability identified as CVE-2019-1804 is a hardcoded SSH key pair that could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.", "url_title": "2019-011", "content_markdown": "---\ntitle: 'Cisco Critical Vulnerability Affecting\u00a0Nexus 9000 Switches'\nversion: '1.0'\nnumber: '2019-011'\ndate: 'May 3, 2019'\n---\n\n_History:_\n\n* _3/05/2019 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nA critical vulnerability affecting Nexus 9000 switches has been recently disclosed. The vulnerability identified as CVE-2019-1804 is a hardcoded SSH key pair that could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.\n\n# Technical Details\n\nThe vulnerability is due to the presence of a default SSH key pair that is present in all affected devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the _root_ user. This vulnerability is only exploitable over IPv6 -- IPv4 is not vulnerable [1].\n\n# Products Affected\n\nThis vulnerability affects Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software.\n\n# Recommendations\n\nThere are no workarounds to address this vulnerability. Cisco has released software updates to fix the defective software and for other issues [2].\n\n# References\n\n[1] \n\n[2] \n", "content_html": "

History:

Summary

A critical vulnerability affecting Nexus 9000 switches has been recently disclosed. The vulnerability identified as CVE-2019-1804 is a hardcoded SSH key pair that could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

Technical Details

The vulnerability is due to the presence of a default SSH key pair that is present in all affected devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6 -- IPv4 is not vulnerable [1].

Products Affected

This vulnerability affects Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software.

Recommendations

There are no workarounds to address this vulnerability. Cisco has released software updates to fix the defective software and for other issues [2].

References

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey

[2] https://tools.cisco.com/security/center/publicationListing.x

", "licence": { "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)", "link": "https://creativecommons.org/licenses/by/4.0/", "restrictions": "https://cert.europa.eu/legal-notice", "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies" } }