VDB

CVE-2019-1804

CVE-2019-1804 · PUBLISHED · CVSS 9.8 · CRITICAL

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

EPSS 4.10% · 88.8th percentile

Risk Scores

CVSS 3.0: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 4.10% · 88.8th percentile

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| cisco | nexus_93128tx_firmware | 14.0(3d) |
| Cisco | Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode 11.0.1b | * |
| cisco | nexus_93180yc-ex_firmware | * |
| cisco | nexus_9508_firmware | * |
| cisco | nexus_93120tx_firmware | 14.0(3d) |
| cisco | nexus_9332pq_firmware | 14.0(3d) |
| cisco | nexus_9372px_firmware | 14.0(3d) |
| cisco | nexus_9396tx_firmware | * |
| cisco | nexus_9504_firmware | 14.0(3d) |
| cisco | nexus_93108tc-ex_firmware | * |
| cisco | nexus_9372tx_firmware | 14.0(3d) |
| cisco | nexus_9516_firmware | 14.0(3d) |
| cisco | nexus_9396px_firmware | 14.0(3d) |
| cisco | nexus_9500_firmware | * |

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
