The first of May, Cisco has revealed that its Nexus 9000 fabric switches have a critical flaw that could allow anyone to remotely connect to a vulnerable device using Secure Shell (SSH) and control it with root user privileges.
Discovered and reported by Oliver Matula of ERNW Enno Rey Netzwerke in cooperation with ERNW Research, the issue is the presence of a default SSH key pair in all devices could be exploited by an attacker by opening an SSH connection via IPv6 to a targeted device (IPv4 is not vulnerable). Tracked as CVE-2019-1804 and featuring a CVSS score of 9.8, the attacker would have access to the system with the privileges of the root user.
This vulnerability affects the following Cisco products if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software Release prior to 14.1(1i). Users have to install software update released by Cisco to address the flaw, no workaround is known.
Cisco also patched an additional 22 high-severity flaws and 18 medium-severity flaws in various products on Wednesday, ranging from denial-of-service issues and privilege escalation to cross-site scripting.
These include another SSH vulnerability (CVE-2019-1859), this time in the authentication process of Cisco Small Business Switches software. An exploit for the high-severity bug would allow an attacker to bypass client-side certificate authentication and revert to password authentication.