ID

VAR-201907-0236


CVE

CVE-2019-1890


TITLE

Cisco Nexus 9000 Series Fabric Switches Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-21309 // CNNVD: CNNVD-201907-230

DESCRIPTION

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. Cisco Nexus 9000 Series Fabric Switches are 9000 series fabric switches from Cisco. This issue is being tracked by Cisco Bug CSCvp64280.

Trust: 2.61

sources: NVD: CVE-2019-1890 // JVNDB: JVNDB-2019-006200 // CNVD: CNVD-2019-21309 // BID: 109052 // VULHUB: VHN-151292 // VULMON: CVE-2019-1890

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-21309

AFFECTED PRODUCTS

vendor: cisco, model: nexus series aci mode switches 11.0, scope: eq, version: 9000

Trust: 1.5

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 7.3(0)zn(0.113)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: nexus series fabric switches, scope: eq, version: 9000

Trust: 0.6

vendor: cisco, model: nexus series fabric switches aci mode, scope: eq, version: 9000-0

Trust: 0.3

vendor: cisco, model: nexus series aci mode switches 14.0, scope: eq, version: 9000

Trust: 0.3

vendor: cisco, model: nexus series aci mode switches, scope: eq, version: 900013.2(3.170)

Trust: 0.3

vendor: cisco, model: nexus series aci mode switches 11.1, scope: eq, version: 9000

Trust: 0.3

vendor: cisco, model: nexus series aci mode switches 14.1, scope: ne, version: 9000

Trust: 0.3

sources: CNVD: CNVD-2019-21309 // BID: 109052 // JVNDB: JVNDB-2019-006200 // NVD: CVE-2019-1890

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1890
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1890
value: HIGH

Trust: 1.0

NVD: CVE-2019-1890
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-21309
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-230
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151292
value: LOW

Trust: 0.1

VULMON: CVE-2019-1890
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1890
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-21309
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151292
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1890
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1890
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

NVD: CVE-2019-1890
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-21309 // VULHUB: VHN-151292 // VULMON: CVE-2019-1890 // JVNDB: JVNDB-2019-006200 // CNNVD: CNNVD-201907-230 // NVD: CVE-2019-1890 // NVD: CVE-2019-1890

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.9

problemtype: NVD-CWE-Other

Trust: 1.0

sources: VULHUB: VHN-151292 // JVNDB: JVNDB-2019-006200 // NVD: CVE-2019-1890

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-230

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201907-230

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006200

PATCH

title: cisco-sa-20190703-n9kaci-bypass, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass

Trust: 0.8

title: Cisco Nexus 9000 Series Fabric Switches Access Control Error Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/167121

Trust: 0.6

title: Cisco Nexus 9000 Series Fabric Switches Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94419

Trust: 0.6

title: Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190703-n9kaci-bypass

Trust: 0.1

sources: CNVD: CNVD-2019-21309 // VULMON: CVE-2019-1890 // JVNDB: JVNDB-2019-006200 // CNNVD: CNNVD-201907-230

EXTERNAL IDS

db: NVD, id: CVE-2019-1890

Trust: 3.5

db: BID, id: 109052

Trust: 2.1

db: JVNDB, id: JVNDB-2019-006200

Trust: 0.8

db: CNNVD, id: CNNVD-201907-230

Trust: 0.7

db: CNVD, id: CNVD-2019-21309

Trust: 0.6

db: AUSCERT, id: ESB-2019.2439

Trust: 0.6

db: VULHUB, id: VHN-151292

Trust: 0.1

db: VULMON, id: CVE-2019-1890

Trust: 0.1

sources: CNVD: CNVD-2019-21309 // VULHUB: VHN-151292 // VULMON: CVE-2019-1890 // BID: 109052 // JVNDB: JVNDB-2019-006200 // CNNVD: CNNVD-201907-230 // NVD: CVE-2019-1890

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-n9kaci-bypass

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1890

Trust: 2.0

url:http://www.securityfocus.com/bid/109052

Trust: 1.8

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1890

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.2439/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-nexus-9000-privilege-escalation-via-vlan-29692

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2019-21309 // VULHUB: VHN-151292 // VULMON: CVE-2019-1890 // BID: 109052 // JVNDB: JVNDB-2019-006200 // CNNVD: CNNVD-201907-230 // NVD: CVE-2019-1890

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 109052

SOURCES

db: CNVD, id: CNVD-2019-21309
db: VULHUB, id: VHN-151292
db: VULMON, id: CVE-2019-1890
db: BID, id: 109052
db: JVNDB, id: JVNDB-2019-006200
db: CNNVD, id: CNNVD-201907-230
db: NVD, id: CVE-2019-1890

LAST UPDATE DATE

2024-11-23T22:37:46.759000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-21309, date: 2019-07-05T00:00:00
db: VULHUB, id: VHN-151292, date: 2020-10-16T00:00:00
db: VULMON, id: CVE-2019-1890, date: 2020-10-16T00:00:00
db: BID, id: 109052, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006200, date: 2019-07-12T00:00:00
db: CNNVD, id: CNNVD-201907-230, date: 2020-10-21T00:00:00
db: NVD, id: CVE-2019-1890, date: 2024-11-21T04:37:37.437

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-21309, date: 2019-07-05T00:00:00
db: VULHUB, id: VHN-151292, date: 2019-07-04T00:00:00
db: VULMON, id: CVE-2019-1890, date: 2019-07-04T00:00:00
db: BID, id: 109052, date: 2019-07-03T00:00:00
db: JVNDB, id: JVNDB-2019-006200, date: 2019-07-12T00:00:00
db: CNNVD, id: CNNVD-201907-230, date: 2019-07-03T00:00:00
db: NVD, id: CVE-2019-1890, date: 2019-07-04T20:15:11.123