Cisco reports critical vulnerabilities in Nexus 9000 data center switches, PI software, and EPN manager

This vulnerability(CVE-2019-1804), with a CVSS severity rating of 9.8, is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. There are no workarounds, so Cisco is encouraging users to update to the latest software release. However, the fix is only an interim patch.

The company also issued a “high” security warning advisory for the Nexus 9000, with a CVSS severity rating of 10.0. This involves an exploit that allows attackers to execute arbitrary operating-system commands as root on an affected device. In order to succeed, an attacker would need valid administrator credentials for the device, Cisco said.

AWS Builder Community Hub

The vulnerability is due to overly broad system-file permissions where an attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string and writing this crafted string to a specific file location.

Critical vulnerabilities Cisco’s web-based management interface

Multiple critical vulnerabilities in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager were revealed yesterday. These vulnerabilities could allow a remote attacker to gain the ability to execute arbitrary code with elevated privileges on the underlying operating system. These vulnerabilities affect Cisco PI Software Releases prior to 3.4.1, 3.5, and 3.6, and EPN Manager Releases prior to 3.0.1

One of these issues, CVE-2019-1821, can be exploited by an unauthenticated attacker that has network access to the affected administrative interface. For the second and third issues(CVE-2019-1822 and CVE-2019-1823), the attacker needs to have valid credentials to authenticate to the impacted administrative interface.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

To know more about these and other vulnerabilities, visit Cisco’s Security Advisories and Alerts page.

Read Next

Cisco merely blacklisted a curl instead of actually fixing the vulnerable code for RV320 and RV325

Cisco announces severe vulnerability that gives improper access controls for URLs in its Small Business routers RV320 and RV325

A WhatsApp vulnerability enabled attackers to inject Israeli spyware on user’s phones

*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: