Earlier this month, Cisco announced a critical vulnerability in its Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. This vulnerability allows an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. This vulnerability is only exploitable over IPv6; however, the IPv4 is not vulnerable. Cisco has released free software updates that address the vulnerability.
This vulnerability(CVE-2019-1804), with a CVSS severity rating of 9.8, is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. There are no workarounds, so Cisco is encouraging users to update to the latest software release. However, the fix is only an interim patch.
The company also issued a “high” security warning advisory for the Nexus 9000, with a CVSS severity rating of 10.0. This involves an exploit that allows attackers to execute arbitrary operating-system commands as root on an affected device. In order to succeed, an attacker would need valid administrator credentials for the device, Cisco said.
The vulnerability is due to overly broad system-file permissions where an attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string and writing this crafted string to a specific file location.
Critical vulnerabilities Cisco’s web-based management interface
Multiple critical vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager were revealed yesterday. These vulnerabilities could allow a remote attacker to gain the ability to execute arbitrary code with elevated privileges on the underlying operating system. These vulnerabilities affect Cisco PI Software Releases prior to 3.4.1, 3.5, and 3.6, and EPN Manager Releases prior to 3.0.1
One of these issues, CVE-2019-1821, can be exploited by an unauthenticated attacker that has network access to the affected administrative interface. For the second and third issues(CVE-2019-1822 and CVE-2019-1823), the attacker needs to have valid credentials to authenticate to the impacted administrative interface.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
To know more about these and other vulnerabilities, visit Cisco’s Security Advisories and Alerts page.