Skip to content

A vulnerability in the SSH key management for the Cisco...

Critical severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 28, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.

References

Published by the National Vulnerability Database May 3, 2019
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 28, 2023

Severity

Critical

EPSS score

0.344%
(72nd percentile)

Weaknesses

CVE ID

CVE-2019-1804

GHSA ID

GHSA-9hxx-97w4-fh95

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.