Cisco warns of a critical vulnerability in Nexus data-center switches

• The security flaw could allow attackers to surreptitiously access system resources of data centers.
• Designated as CVE-2019-1804, the flaw was given a severity rating of 9.8 out of 10.

A severe vulnerability in Nexus switches has been uncovered by the Cisco team. The flaw was disclosed by the networking company in its security advisories released this week. Secure Shell (SSH protocol) in the Cisco Nexus 9000 series led to this vulnerability which, as a consequence, can allow unauthorized users to have root privileges in the affected system. Attackers could exploit this flaw to execute malicious programs to corrupt data centers.

A detailed picture

• In an advisory, Cisco indicated that the flaw, tracked CVE-2019-1804, was the result of a default SSH key pair, present in Nexus devices. “An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials,” the advisory read.
• The advisory further mentioned that the flaw is only exploitable over IPv6. IPv4 was not vulnerable.
• The vulnerability affected the Nexus 9000 Series Fabric Switches in ACI mode that were running Cisco NX-OS versions prior to 14.1(1). However, Cisco has released software updates to fix this critical vulnerability.
• Cisco has also fixed two more vulnerabilities in the Nexus 9000 series. While one of them was an authentication flaw, the other one is a privilege escalation vulnerability.

Other products remedied

The 41 security advisories published yesterday addresses security vulnerabilities found in Cisco’s other products. They include Cisco Umbrella, Cisco Firepower Threat Defense, Cisco RV320 and RV325 routers, Cisco IP Phone 7800 and 8800 series, Cisco Adaptive Security Appliance, Cisco Expressway and Cisco Prime.

Flaws ranged from cross-site scripting, cross-site request forgery to high-priority privilege escalation vulnerabilities.