Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1590

Опубликовано: 03 мая 2019
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:cisco:nx-os:8.3\(0\)sk\(0.39\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:nx-os:14.1\(0.90\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:nexus_9000:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92300yc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_92304qc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9236c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9272q:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180lc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9336pq:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372px-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9372tx-e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00684
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295
CWE-295

Связанные уязвимости

github логотип

GHSA-9fr7-cq74-hp3w

CVSS3: 8.1
github
больше 3 лет назад

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.

fstec логотип

BDU:2019-01802

CVSS3: 8.1
fstec
почти 7 лет назад

Уязвимость сетевой операционной системы NX-OS маршрутизаторов Cisco Nexus серии 9000, связанная с ошибками подтверждения подлинности сертификата безопасности транспортного уровня (TLS), позволяющая нарушителю получить полный контроль над всеми компонентами в структуре ACI уязвимого устройства

EPSS

Процентиль: 71%
0.00684
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-295
CWE-295