CVE-2019-1890

Опубликовано: 04 июл. 2019

Источник: nvd

CVSS3: 7.4

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Ссылки

http://www.securityfocus.com/bid/109052
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass
Vendor Advisory
http://www.securityfocus.com/bid/109052
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\(0\)zn\(0.113\):*:*:*:*:*:*:*

Одно из

cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-284

NVD-CWE-Other

Связанные уязвимости

GHSA-6gv5-cvcq-3x2c

CVSS3: 6.5

github

больше 3 лет назад

BDU:2019-02534

CVSS3: 7.4

fstec

больше 6 лет назад

Уязвимость сетевой операционной системы NX-OS, связанная с недостатками контроля доступа, позволяющая нарушителю обойти проверки безопасности и подключить неавторизованный сервер к VLAN инфраструктуре

EPSS

Процентиль: 27%

0.00098

Низкий

7.4 High

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-284

NVD-CWE-Other