Cisco Warns of Critical Nexus 9000 Data Center Flaw

Part of a slew of patches from the networking vendor, the CVSS 9.8 bug allows remote takeover of a vulnerable device.

A critical vulnerability in Cisco’s software-defined networking (SDN) software could allow an unauthenticated, remote attacker to connect to a vulnerable data-center switch and take it over, with the privileges of the root user.

The bug (CVE-2019-1804), which has a CVSS severity rating of 9.8 out of 10, exists in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software, which is part of Cisco’s SDN approach. Enterprises use ACI to deploy and control applications across their infrastructure, including their multicloud footprints, with consistent policies – in theory boosting security and high availability. The Nexus 9000 Series, meanwhile, is a line of data-center gear.

Unfortunately, Cisco built a default key pair into the software’s Secure Shell (SSH) key management function, so an attacker who uncovers the pair can connect to a vulnerable Nexus 9000 Series device remotely, as if he or she were the legitimate user.
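For defenders, a key pair that ships inside a software image shows up as the same public-key fingerprint wherever that image runs. The sketch below is an added example, not Cisco's tooling or code from the advisory: it fingerprints SSH authorized-key entries that are assumed to have already been exported from each device as text, and sorts them into vendor-default, approved and unknown. The device names, the sample keys and the "known default" fingerprint are constructed placeholders, since the article gives no fingerprint.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of an authorized_keys line, or None if malformed."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(KEY_TYPES):
            continue  # skip a leading options field
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            return None
        # The blob opens with a length-prefixed copy of the key type; reject mismatches.
        if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != tok.encode():
            return None
        digest = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def audit(fleet, known_default, approved):
    """Map each device to a list of (status, fingerprint) for its authorized keys."""
    report = {}
    for device, lines in fleet.items():
        rows = []
        for line in lines:
            fp = fingerprint(line)
            status = ("malformed" if fp is None else
                      "vendor-default" if fp in known_default else
                      "approved" if fp in approved else "unknown")
            rows.append((status, fp))
        report[device] = rows
    return report

def constructed_key(seed, comment):
    # Constructed sample entry: valid framing, meaningless key bytes (not a real key).
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

SHIPPED = constructed_key(b"shipped", "image-default")  # stands in for a key baked into an image
ALICE = constructed_key(b"alice", "alice@noc")          # stands in for an operator's own key
FLEET = {"leaf-101": [SHIPPED, ALICE], "leaf-102": [ALICE, "ssh-ed25519 not*base64 x"],
         "spine-201": [constructed_key(b"stray", "unknown")]}
KNOWN_DEFAULT = {fingerprint(SHIPPED)}  # placeholder value, not the real default key's fingerprint
APPROVED = {fingerprint(ALICE)}
```

Calling `audit(FLEET, KNOWN_DEFAULT, APPROVED)` returns the per-device classification; any `vendor-default` or `unknown` row is an entry to investigate.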

Source: ThreatPost