Sign-up

ID

VAR-201905-1314


CVE

CVE-2019-1804


TITLE

Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Cryptographic vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2019-003884

DESCRIPTION

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. Cisco Nexus 9000 Series Fabric Switches are prone to an remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo80686. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text

Trust: 2.07

sources: NVD: CVE-2019-1804 // JVNDB: JVNDB-2019-003884 // BID: 108127 // VULHUB: VHN-150346 // VULMON: CVE-2019-1804

AFFECTED PRODUCTS

vendor:ciscomodel:nexus 9396txscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9372txscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 93108tc-exscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9332pqscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9504scope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9396pxscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9508scope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9372pxscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9516scope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 93128txscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 9500scope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 93180yc-exscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 93120txscope:eqversion:14.0\(3d\)

Trust: 1.0

vendor:ciscomodel:nexus 93108tc exscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 93120txscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 93128txscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 93180yc exscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9332pqscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9396txscope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9500scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9504scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9508scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus 9516scope: - version: -

Trust: 0.8

vendor:ciscomodel:nexus series switches 14.1scope:neversion:9000

Trust: 0.6

vendor:ciscomodel:nx-os softwarescope:eqversion:8.0(1)

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:7.0

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:6.1

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:6.0

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:5.2

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:4.1

Trust: 0.3

vendor:ciscomodel:nx-os softwarescope:eqversion:2.1

Trust: 0.3

vendor:ciscomodel:nexus series switches 14.0scope:eqversion:9000

Trust: 0.3

vendor:ciscomodel:nx-os software 14.1scope:neversion: -

Trust: 0.3

sources: BID: 108127 // JVNDB: JVNDB-2019-003884 // NVD: CVE-2019-1804

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1804
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1804
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-1804
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-005
value: CRITICAL

Trust: 0.6

VULHUB: VHN-150346
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1804
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1804
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-150346
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1804
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1804
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-150346 // VULMON: CVE-2019-1804 // JVNDB: JVNDB-2019-003884 // CNNVD: CNNVD-201905-005 // NVD: CVE-2019-1804 // NVD: CVE-2019-1804

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

problemtype:CWE-1188

Trust: 1.0

sources: VULHUB: VHN-150346 // JVNDB: JVNDB-2019-003884 // NVD: CVE-2019-1804

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-005

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-005

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003884

PATCH
title:cisco-sa-20190501-nexus9k-sshkeyurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Trust: 0.8
title:Cisco Nexus 9000 Series Fabric Switches Fixes for encryption problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92156
Trust: 0.6
title:The Registerurl:https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/
Trust: 0.2
title:Cisco: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-nexus9k-sshkey
Trust: 0.1
title:Threatposturl:https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco_high-severity_bug/144410/
Trust: 0.1
title:Threatposturl:https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-1804 // 
            
            
            
            JVNDB: JVNDB-2019-003884 // 
            
            
            
            CNNVD: CNNVD-201905-005

EXTERNAL IDS
db:NVDid:CVE-2019-1804
Trust: 2.9
db:BIDid:108127
Trust: 1.1
db:JVNDBid:JVNDB-2019-003884
Trust: 0.8
db:CNNVDid:CNNVD-201905-005
Trust: 0.7
db:AUSCERTid:ESB-2019.1507.2
Trust: 0.6
db:NSFOCUSid:43203
Trust: 0.6
db:VULHUBid:VHN-150346
Trust: 0.1
db:VULMONid:CVE-2019-1804
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150346 // 
            
            
            
            VULMON: CVE-2019-1804 // 
            
            
            
            BID: 108127 // 
            
            
            
            JVNDB: JVNDB-2019-003884 // 
            
            
            
            CNNVD: CNNVD-201905-005 // 
            
            
            
            NVD: CVE-2019-1804

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-nexus9k-sshkey
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-1804
Trust: 1.4
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1804
Trust: 0.8
url:https://www.securityfocus.com/bid/108127
Trust: 0.7
url:https://www.auscert.org.au/bulletins/80066
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-code-execution-via-default-ssh-key-29180
Trust: 0.6
url:http://www.nsfocus.net/vulndb/43203
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/1188.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-150346 // 
            
            
            
            VULMON: CVE-2019-1804 // 
            
            
            
            BID: 108127 // 
            
            
            
            JVNDB: JVNDB-2019-003884 // 
            
            
            
            CNNVD: CNNVD-201905-005 // 
            
            
            
            NVD: CVE-2019-1804

CREDITS
Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH.,Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH,Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201905-005

SOURCES
db:VULHUBid:VHN-150346
db:VULMONid:CVE-2019-1804
db:BIDid:108127
db:JVNDBid:JVNDB-2019-003884
db:CNNVDid:CNNVD-201905-005
db:NVDid:CVE-2019-1804

LAST UPDATE DATE
2024-11-23T22:51:44.944000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-150346date:2021-11-03T00:00:00
db:VULMONid:CVE-2019-1804date:2021-11-03T00:00:00
db:BIDid:108127date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003884date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-005date:2021-11-04T00:00:00
db:NVDid:CVE-2019-1804date:2024-11-21T04:37:24.863

SOURCES RELEASE DATE
db:VULHUBid:VHN-150346date:2019-05-03T00:00:00
db:VULMONid:CVE-2019-1804date:2019-05-03T00:00:00
db:BIDid:108127date:2019-05-01T00:00:00
db:JVNDBid:JVNDB-2019-003884date:2019-05-23T00:00:00
db:CNNVDid:CNNVD-201905-005date:2019-05-01T00:00:00
db:NVDid:CVE-2019-1804date:2019-05-03T17:29:00.813