Cisco released security patches to address tens of vulnerabilities in its products. Among the flaws fixed by Cisco, there is also a critical vulnerability in Nexus 9000 switches that is tracked as CVE-2019-1804 and that received a CVSS score of 9.8.
The vulnerability resides in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Software and it is related to the presence of a default SSH key pair in all devices.
The default SSH key pair could be exploited by an attacker by opening an SSH connection via IPv6 to a targeted device, in this way the attacker will be able to connect to the system with the privileges of the root user.
“A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an
“The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.”
This flaw could not be exploitable over IPv4.
The flaw affects Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode running Cisco NX-OS software release prior to 14.1
Users have to install software update released by Cisco to address the flaw, no workaround is known.
The good news is that Cisco is not aware of
Cisco also addressed over 20 High severity vulnerabilities affecting the Web Security Appliance (WSA), Umbrella Dashboard, Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, RV320 and RV325 routers, IP Phone 7800 and 8800 Series, Application Policy Infrastructure Controller (APIC) software, and the Nexus 9000 switches.
The list of flaws includes privilege escalation issues, denial of service vulnerabilities and session hijacking bugs.