Vulnerability-Lookup

BDU:2019-02534

Vulnerability from fstec - Published: 03.07.2019

Title

Уязвимость сетевой операционной системы NX-OS, связанная с недостатками контроля доступа, позволяющая нарушителю обойти проверки безопасности и подключить неавторизованный сервер к VLAN инфраструктуре

Description

Уязвимость сетевой операционной системы NX-OS, функционирующей на Cisco Nexus 9000 Series ACI Mode Switch связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, обойти проверки безопасности и подключить неавторизованный сервер к VLAN инфраструктуре в результате отправки вредоносного LLDP-пакета

Severity ?


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Vendor

Cisco Systems Inc.

Software Name

NX-OS

Software Version

11.0.1b (NX-OS), 11.0.1c (NX-OS), 11.0.1d (NX-OS), 11.0.1e (NX-OS), 11.0.2j (NX-OS), 11.0.2m (NX-OS), 11.0.3f (NX-OS), 11.0.3i (NX-OS), 11.0.3k (NX-OS), 11.0.3n (NX-OS), 11.0.3o (NX-OS), 11.0.4h (NX-OS), 11.0.4o (NX-OS), 11.0.4q (NX-OS), 11.0.4g (NX-OS), 11.1.1j (NX-OS), 11.1.1o (NX-OS), 11.1.1r (NX-OS), 11.1.1s (NX-OS), 11.1.2h (NX-OS), 11.1.2i (NX-OS), 11.1.3f (NX-OS), 11.1.4 (NX-OS), 11.1.4e (NX-OS), 11.1.4f (NX-OS), 11.1.4g (NX-OS), 11.1.4i (NX-OS), 11.1.4l (NX-OS), 11.1.4m (NX-OS), 11.2.1i (NX-OS), 11.2.2g (NX-OS), 11.2.3c (NX-OS), 11.2.2h (NX-OS), 11.2.2i (NX-OS), 11.2.3e (NX-OS), 11.2.3h (NX-OS), 11.2.3m (NX-OS), 11.2.1k (NX-OS), 11.2.1m (NX-OS), 11.2.2j (NX-OS), 12.0.1m (NX-OS), 12.0.2g (NX-OS), 12.0.1n (NX-OS), 12.0.1o (NX-OS), 12.0.1p (NX-OS), 12.0.1q (NX-OS), 12.0.2h (NX-OS), 12.0.2l (NX-OS), 12.0.2m (NX-OS), 12.0.2n (NX-OS), 12.0.2o (NX-OS), 12.0.2f (NX-OS), 12.0.1r (NX-OS), 12.1.1h (NX-OS), 12.1.2e (NX-OS), 12.1.3g (NX-OS), 12.1.4a (NX-OS), 12.1.1i (NX-OS), 12.1.2g (NX-OS), 12.1.2k (NX-OS), 12.1.3h (NX-OS), 12.1.3j (NX-OS), 12.2.1n (NX-OS), 12.2.2e (NX-OS), 12.2.3j (NX-OS), 12.2.4f (NX-OS), 12.2.4p (NX-OS), 12.2.3p (NX-OS), 12.2.3r (NX-OS), 12.2.3s (NX-OS), 12.2.3t (NX-OS), 12.2.2f (NX-OS), 12.2.2g (NX-OS), 12.2.2i (NX-OS), 12.2.2j (NX-OS), 12.2.2k (NX-OS), 12.2.2q (NX-OS), 12.2.1o (NX-OS), 12.2.4q (NX-OS), 12.2.4r (NX-OS), 12.2.1k (NX-OS), 12.3.1e (NX-OS), 12.3.1f (NX-OS), 12.3.1i (NX-OS), 12.3.1l (NX-OS), 12.3.1o (NX-OS), 12.3.1p (NX-OS), 13.0.1k (NX-OS), 13.0.2h (NX-OS), 13.0.2k (NX-OS), 13.0.2n (NX-OS), 13.0.1i (NX-OS), 13.0.2m (NX-OS), 13.1.1i (NX-OS), 13.1.2m (NX-OS), 13.1.2o (NX-OS), 13.1.2p (NX-OS), 13.1.2q (NX-OS), 13.1.2s (NX-OS), 13.1.2t (NX-OS), 13.1.2u (NX-OS), 13.2.1l (NX-OS), 13.2.1m (NX-OS), 13.2.2l (NX-OS), 13.2.2o (NX-OS), 13.2.3i (NX-OS), 13.2.3n (NX-OS), 13.2.3o (NX-OS), 13.2.3r (NX-OS), 13.2.4d (NX-OS), 13.2.4e (NX-OS), 13.2.3j (NX-OS), 13.2.3s (NX-OS), 13.2.5d (NX-OS), 13.2.5e (NX-OS), 13.2.5f (NX-OS), 13.2.6i (NX-OS), 11.3.1g (NX-OS), 11.3.2f (NX-OS), 11.3.1h (NX-OS), 11.3.1i (NX-OS), 11.3.2h (NX-OS), 11.3.2i (NX-OS), 11.3.2k (NX-OS), 11.3.1j (NX-OS), 11.3.2j (NX-OS), 14.0.1h (NX-OS), 14.0.2c (NX-OS), 14.0.3d (NX-OS), 14.0.3c (NX-OS), 14.1.1i (NX-OS), 14.1.1j (NX-OS), 14.1.1k (NX-OS), 14.1.1l (NX-OS)

Possible Mitigations

Использование рекомендаций производителя: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass

Reference

https://tools.cisco.com/security/center/publicationListing.x https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11.0.1b (NX-OS), 11.0.1c (NX-OS), 11.0.1d (NX-OS), 11.0.1e (NX-OS), 11.0.2j (NX-OS), 11.0.2m (NX-OS), 11.0.3f (NX-OS), 11.0.3i (NX-OS), 11.0.3k (NX-OS), 11.0.3n (NX-OS), 11.0.3o (NX-OS), 11.0.4h (NX-OS), 11.0.4o (NX-OS), 11.0.4q (NX-OS), 11.0.4g (NX-OS), 11.1.1j (NX-OS), 11.1.1o (NX-OS), 11.1.1r (NX-OS), 11.1.1s (NX-OS), 11.1.2h (NX-OS), 11.1.2i (NX-OS), 11.1.3f (NX-OS), 11.1.4 (NX-OS), 11.1.4e (NX-OS), 11.1.4f (NX-OS), 11.1.4g (NX-OS), 11.1.4i (NX-OS), 11.1.4l (NX-OS), 11.1.4m (NX-OS), 11.2.1i (NX-OS), 11.2.2g (NX-OS), 11.2.3c (NX-OS), 11.2.2h (NX-OS), 11.2.2i (NX-OS), 11.2.3e (NX-OS), 11.2.3h (NX-OS), 11.2.3m (NX-OS), 11.2.1k (NX-OS), 11.2.1m (NX-OS), 11.2.2j (NX-OS), 12.0.1m (NX-OS), 12.0.2g (NX-OS), 12.0.1n (NX-OS), 12.0.1o (NX-OS), 12.0.1p (NX-OS), 12.0.1q (NX-OS), 12.0.2h (NX-OS), 12.0.2l (NX-OS), 12.0.2m (NX-OS), 12.0.2n (NX-OS), 12.0.2o (NX-OS), 12.0.2f (NX-OS), 12.0.1r (NX-OS), 12.1.1h (NX-OS), 12.1.2e (NX-OS), 12.1.3g (NX-OS), 12.1.4a (NX-OS), 12.1.1i (NX-OS), 12.1.2g (NX-OS), 12.1.2k (NX-OS), 12.1.3h (NX-OS), 12.1.3j (NX-OS), 12.2.1n (NX-OS), 12.2.2e (NX-OS), 12.2.3j (NX-OS), 12.2.4f (NX-OS), 12.2.4p (NX-OS), 12.2.3p (NX-OS), 12.2.3r (NX-OS), 12.2.3s (NX-OS), 12.2.3t (NX-OS), 12.2.2f (NX-OS), 12.2.2g (NX-OS), 12.2.2i (NX-OS), 12.2.2j (NX-OS), 12.2.2k (NX-OS), 12.2.2q (NX-OS), 12.2.1o (NX-OS), 12.2.4q (NX-OS), 12.2.4r (NX-OS), 12.2.1k (NX-OS), 12.3.1e (NX-OS), 12.3.1f (NX-OS), 12.3.1i (NX-OS), 12.3.1l (NX-OS), 12.3.1o (NX-OS), 12.3.1p (NX-OS), 13.0.1k (NX-OS), 13.0.2h (NX-OS), 13.0.2k (NX-OS), 13.0.2n (NX-OS), 13.0.1i (NX-OS), 13.0.2m (NX-OS), 13.1.1i (NX-OS), 13.1.2m (NX-OS), 13.1.2o (NX-OS), 13.1.2p (NX-OS), 13.1.2q (NX-OS), 13.1.2s (NX-OS), 13.1.2t (NX-OS), 13.1.2u (NX-OS), 13.2.1l (NX-OS), 13.2.1m (NX-OS), 13.2.2l (NX-OS), 13.2.2o (NX-OS), 13.2.3i (NX-OS), 13.2.3n (NX-OS), 13.2.3o (NX-OS), 13.2.3r (NX-OS), 13.2.4d (NX-OS), 13.2.4e (NX-OS), 13.2.3j (NX-OS), 13.2.3s (NX-OS), 13.2.5d (NX-OS), 13.2.5e (NX-OS), 13.2.5f (NX-OS), 13.2.6i (NX-OS), 11.3.1g (NX-OS), 11.3.2f (NX-OS), 11.3.1h (NX-OS), 11.3.1i (NX-OS), 11.3.2h (NX-OS), 11.3.2i (NX-OS), 11.3.2k (NX-OS), 11.3.1j (NX-OS), 11.3.2j (NX-OS), 14.0.1h (NX-OS), 14.0.2c (NX-OS), 14.0.3d (NX-OS), 14.0.3c (NX-OS), 14.1.1i (NX-OS), 14.1.1j (NX-OS), 14.1.1k (NX-OS), 14.1.1l (NX-OS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.07.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.07.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02534",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-1890",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "NX-OS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Cisco Systems Inc. - - Cisco Nexus 9000 Series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NX-OS, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043a VLAN \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0439 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b NX-OS, \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u0443\u044e\u0449\u0435\u0439 \u043d\u0430 Cisco Nexus 9000 Series ACI Mode Switch \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043a VLAN \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435 \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e LLDP-\u043f\u0430\u043a\u0435\u0442\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/publicationListing.x\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,4)"
}

CVE-2019-1890 (GCVE-0-2019-1890)

Vulnerability from cvelistv5 – Published: 2019-07-04 20:00 – Updated: 2024-11-21 19:20

Title

Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability

Summary

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Severity ?

7.4 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-284

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/109052	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Cisco	Cisco NX-OS System Software in ACI Mode 11.0.1b	Affected: unspecified , < 14.1(2g) (custom)

Date Public ?

2019-07-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:35:51.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"
          },
          {
            "name": "109052",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/109052"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T18:57:57.191653Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:20:08.670Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco NX-OS System Software in ACI Mode 11.0.1b",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "14.1(2g)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-07-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-05T13:06:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"
        },
        {
          "name": "109052",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/109052"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190703-n9kaci-bypass",
        "defect": [
          [
            "CSCvp64280"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-07-03T16:00:00-0700",
          "ID": "CVE-2019-1890",
          "STATE": "PUBLIC",
          "TITLE": "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco NX-OS System Software in ACI Mode 11.0.1b",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "14.1(2g)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"
            },
            {
              "name": "109052",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/109052"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190703-n9kaci-bypass",
          "defect": [
            [
              "CSCvp64280"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1890",
    "datePublished": "2019-07-04T20:00:28.607Z",
    "dateReserved": "2018-12-06T00:00:00.000Z",
    "dateUpdated": "2024-11-21T19:20:08.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-02534

CVE-2019-1890 (GCVE-0-2019-1890)

Tags

Sightings

Nomenclature