Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-1890 (GCVE-0-2019-1890)
Vulnerability from cvelistv5
Published
2019-07-04 20:00
Modified
2024-11-21 19:20
Severity ?
EPSS score ?
Summary
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://www.securityfocus.com/bid/109052 | Third Party Advisory, VDB Entry | |
| ykramarz@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109052 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass | Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco NX-OS System Software in ACI Mode 11.0.1b |
Version: unspecified < 14.1(2g) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:35:51.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { name: "109052", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109052", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2019-1890", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T18:57:57.191653Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T19:20:08.670Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco NX-OS System Software in ACI Mode 11.0.1b", vendor: "Cisco", versions: [ { lessThan: "14.1(2g)", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-07-03T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", }, ], exploits: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-05T13:06:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { name: "109052", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109052", }, ], source: { advisory: "cisco-sa-20190703-n9kaci-bypass", defect: [ [ "CSCvp64280", ], ], discovery: "INTERNAL", }, title: "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-07-03T16:00:00-0700", ID: "CVE-2019-1890", STATE: "PUBLIC", TITLE: "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco NX-OS System Software in ACI Mode 11.0.1b", version: { version_data: [ { affected: "<", version_affected: "<", version_value: "14.1(2g)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", }, ], }, exploit: [ { lang: "en", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { name: "109052", refsource: "BID", url: "http://www.securityfocus.com/bid/109052", }, ], }, source: { advisory: "cisco-sa-20190703-n9kaci-bypass", defect: [ [ "CSCvp64280", ], ], discovery: "INTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2019-1890", datePublished: "2019-07-04T20:00:28.607785Z", dateReserved: "2018-12-06T00:00:00", dateUpdated: "2024-11-21T19:20:08.670Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\\\\(0\\\\)zn\\\\(0.113\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A9DBF19-A5F0-4F62-84FB-1C73FCA1BF23\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E88418C-0BC4-4D90-A14D-0B89F8399AA5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AB93AD1-B5DD-4A69-B1A3-3F163BD2D8BA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19F88FB2-1A75-4166-A4F5-039D67EAA1D9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A01B0559-5632-4658-AA3A-221DD28D963F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"082A5A44-DC9A-4B48-8F28-1D0EC7F82410\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19BCB669-5CC8-4C67-B34C-3F5ADDD4C232\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5E693D2-F1D5-4D22-885B-AE853221ABA9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C63F63AD-94EC-4A6D-92AF-7FBF6275746A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490EAB88-A0F3-4A88-9A81-B414CE78B34B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A9CE53D-E8B7-46CD-9B8B-C746A2524BA8\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6782DA1-5568-410D-86E6-2C2B909693DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04A26215-DEB3-4337-AFE0-5E23C760060D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8F7177-147E-47C0-ADFB-4CD0768D52CD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06A72F9F-773A-463D-8BEB-6B316DF21CFD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FC94E7D-84AF-4D2A-85A7-264CED2D107B\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC0082AD-1EFB-4AFE-9974-EAAB926553F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BFAAE41-AD17-4F69-9029-8DD90D824E6F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4283E433-7F8C-4410-B565-471415445811\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"102F91CD-DFB6-43D4-AE5B-DA157A696230\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F70D81F1-8B12-4474-9060-B4934D8A3873\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7349D69B-D8FA-4462-AA28-69DD18A652D9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"91231DC6-2773-4238-8C14-A346F213B5E5\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1FC2B1F-232E-4754-8076-CC82F3648730\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CF467E2-4567-426E-8F48-39669E0F514C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90F30A43-9E4F-4A03-8060-A38B0925DBD2\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el establecimiento de conexi\\u00f3n VLAN de la infraestructura de Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software podr\\u00eda permitir a un atacante adyacente no autenticado eludir las validaciones de seguridad y conectar un servidor no autorizado a la infraestructura VLAN. La vulnerabilidad se debe a requisitos de seguridad insuficientes durante la fase de configuraci\\u00f3n del protocolo de descubrimiento de capa de enlace (LLDP) de la infraestructura VLAN. Un atacante podr\\u00eda aprovechar esta vulnerabilidad enviando un paquete LLDP malintencionado en la subred adyacente al conmutador Cisco Nexus 9000 Series en modo ACI. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir que el atacante conecte un servidor no autorizado a la infraestructura VLAN, que es altamente privilegiada. Con una conexi\\u00f3n a la VLAN de infraestructura, el atacante puede realizar conexiones no autorizadas a los servicios Cisco Application Policy Infrastructure Controller (APIC) o unirse a otros puntos finales de host.\"}]", id: "CVE-2019-1890", lastModified: "2024-11-21T04:37:37.437", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 3.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.5, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2019-07-04T20:15:11.123", references: "[{\"url\": \"http://www.securityfocus.com/bid/109052\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/109052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]", sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2019-1890\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2019-07-04T20:15:11.123\",\"lastModified\":\"2024-11-21T04:37:37.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el establecimiento de conexión VLAN de la infraestructura de Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software podría permitir a un atacante adyacente no autenticado eludir las validaciones de seguridad y conectar un servidor no autorizado a la infraestructura VLAN. La vulnerabilidad se debe a requisitos de seguridad insuficientes durante la fase de configuración del protocolo de descubrimiento de capa de enlace (LLDP) de la infraestructura VLAN. Un atacante podría aprovechar esta vulnerabilidad enviando un paquete LLDP malintencionado en la subred adyacente al conmutador Cisco Nexus 9000 Series en modo ACI. Una explotación con éxito podría permitir que el atacante conecte un servidor no autorizado a la infraestructura VLAN, que es altamente privilegiada. Con una conexión a la VLAN de infraestructura, el atacante puede realizar conexiones no autorizadas a los servicios Cisco Application Policy Infrastructure Controller (APIC) o unirse a otros puntos finales de host.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":3.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.5,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\\\\(0\\\\)zn\\\\(0.113\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9DBF19-A5F0-4F62-84FB-1C73FCA1BF23\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E88418C-0BC4-4D90-A14D-0B89F8399AA5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB93AD1-B5DD-4A69-B1A3-3F163BD2D8BA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19F88FB2-1A75-4166-A4F5-039D67EAA1D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01B0559-5632-4658-AA3A-221DD28D963F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"082A5A44-DC9A-4B48-8F28-1D0EC7F82410\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19BCB669-5CC8-4C67-B34C-3F5ADDD4C232\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5E693D2-F1D5-4D22-885B-AE853221ABA9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C63F63AD-94EC-4A6D-92AF-7FBF6275746A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490EAB88-A0F3-4A88-9A81-B414CE78B34B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9CE53D-E8B7-46CD-9B8B-C746A2524BA8\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6782DA1-5568-410D-86E6-2C2B909693DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04A26215-DEB3-4337-AFE0-5E23C760060D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F7177-147E-47C0-ADFB-4CD0768D52CD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A72F9F-773A-463D-8BEB-6B316DF21CFD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FC94E7D-84AF-4D2A-85A7-264CED2D107B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC0082AD-1EFB-4AFE-9974-EAAB926553F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFAAE41-AD17-4F69-9029-8DD90D824E6F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4283E433-7F8C-4410-B565-471415445811\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A90184B3-C82F-4CE5-B2AD-97D5E4690871\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE6F63-2C7D-415B-8C34-01EC05C062F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"102F91CD-DFB6-43D4-AE5B-DA157A696230\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F70D81F1-8B12-4474-9060-B4934D8A3873\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7349D69B-D8FA-4462-AA28-69DD18A652D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91231DC6-2773-4238-8C14-A346F213B5E5\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DF88547-BAF4-47B0-9F60-80A30297FCEB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C45A38D6-BED6-4FEF-AD87-A1E813695DE0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1FC2B1F-232E-4754-8076-CC82F3648730\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF467E2-4567-426E-8F48-39669E0F514C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63842B25-8C32-4988-BBBD-61E9CB09B4F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90F30A43-9E4F-4A03-8060-A38B0925DBD2\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/109052\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/109052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
gsd-2019-1890
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
Aliases
Aliases
{ GSD: { alias: "CVE-2019-1890", description: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", id: "GSD-2019-1890", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2019-1890", ], details: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", id: "GSD-2019-1890", modified: "2023-12-13T01:23:51.624184Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2019-07-03T16:00:00-0700", ID: "CVE-2019-1890", STATE: "PUBLIC", TITLE: "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco NX-OS System Software in ACI Mode 11.0.1b", version: { version_data: [ { affected: "<", version_value: "14.1(2g)", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", }, ], }, exploit: [ { lang: "eng", value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ", }, ], impact: { cvss: { baseScore: "7.4", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N ", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284", }, ], }, ], }, references: { reference_data: [ { name: "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", refsource: "CISCO", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { name: "109052", refsource: "BID", url: "http://www.securityfocus.com/bid/109052", }, ], }, source: { advisory: "cisco-sa-20190703-n9kaci-bypass", defect: [ [ "CSCvp64280", ], ], discovery: "INTERNAL", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\\(0\\)zn\\(0.113\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2019-1890", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], }, ], }, references: { reference_data: [ { name: "20190703 Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", refsource: "CISCO", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { name: "109052", refsource: "BID", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109052", }, ], }, }, impact: { baseMetricV2: { acInsufInfo: false, cvssV2: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", userInteractionRequired: false, }, baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, }, }, lastModifiedDate: "2020-10-16T15:09Z", publishedDate: "2019-07-04T20:15Z", }, }, }
fkie_cve-2019-1890
Vulnerability from fkie_nvd
Published
2019-07-04 20:15
Modified
2024-11-21 04:37
Severity ?
Summary
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| psirt@cisco.com | http://www.securityfocus.com/bid/109052 | Third Party Advisory, VDB Entry | |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/109052 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller | 7.3\(0\)zn\(0.113\) | |
| cisco | 9432pq | - | |
| cisco | 9536pq | - | |
| cisco | 9636pq | - | |
| cisco | 9736pq | - | |
| cisco | n9k-x9432c-s | - | |
| cisco | n9k-x9464px | - | |
| cisco | n9k-x9464tx2 | - | |
| cisco | n9k-x9564px | - | |
| cisco | n9k-x9564tx | - | |
| cisco | n9k-x9636c-r | - | |
| cisco | n9k-x9636c-rx | - | |
| cisco | n9k-x97160yc-ex | - | |
| cisco | n9k-x9732c-ex | - | |
| cisco | n9k-x9732c-fx | - | |
| cisco | n9k-x9736c-ex | - | |
| cisco | n9k-x9736c-fx | - | |
| cisco | n9k-x9788tc-fx | - | |
| cisco | nexus_92160yc-x | - | |
| cisco | nexus_93108tc-ex | - | |
| cisco | nexus_93108tc-fx | - | |
| cisco | nexus_93120tx | - | |
| cisco | nexus_9316d-gx | - | |
| cisco | nexus_93180yc-ex | - | |
| cisco | nexus_93180yc-fx | - | |
| cisco | nexus_93216tc-fx2 | - | |
| cisco | nexus_93240yc-fx2 | - | |
| cisco | nexus_9332c | - | |
| cisco | nexus_93360yc-fx2 | - | |
| cisco | nexus_9336c-fx2 | - | |
| cisco | nexus_9348gc-fxp | - | |
| cisco | nexus_93600cd-gx | - | |
| cisco | nexus_9364c | - | |
| cisco | x9636q-r | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\\(0\\)zn\\(0.113\\):*:*:*:*:*:*:*", matchCriteriaId: "2A9DBF19-A5F0-4F62-84FB-1C73FCA1BF23", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*", matchCriteriaId: "5E88418C-0BC4-4D90-A14D-0B89F8399AA5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*", matchCriteriaId: "4AB93AD1-B5DD-4A69-B1A3-3F163BD2D8BA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*", matchCriteriaId: "19F88FB2-1A75-4166-A4F5-039D67EAA1D9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*", matchCriteriaId: "A01B0559-5632-4658-AA3A-221DD28D963F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*", matchCriteriaId: "082A5A44-DC9A-4B48-8F28-1D0EC7F82410", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*", matchCriteriaId: "19BCB669-5CC8-4C67-B34C-3F5ADDD4C232", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*", matchCriteriaId: "D5E693D2-F1D5-4D22-885B-AE853221ABA9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*", matchCriteriaId: "C63F63AD-94EC-4A6D-92AF-7FBF6275746A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*", matchCriteriaId: "490EAB88-A0F3-4A88-9A81-B414CE78B34B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*", matchCriteriaId: "7A9CE53D-E8B7-46CD-9B8B-C746A2524BA8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*", matchCriteriaId: "C6782DA1-5568-410D-86E6-2C2B909693DD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "04A26215-DEB3-4337-AFE0-5E23C760060D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "6B8F7177-147E-47C0-ADFB-4CD0768D52CD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "06A72F9F-773A-463D-8BEB-6B316DF21CFD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "8FC94E7D-84AF-4D2A-85A7-264CED2D107B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "BC0082AD-1EFB-4AFE-9974-EAAB926553F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "4BFAAE41-AD17-4F69-9029-8DD90D824E6F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", matchCriteriaId: "4283E433-7F8C-4410-B565-471415445811", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "A90184B3-C82F-4CE5-B2AD-97D5E4690871", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "4AB89849-6DA4-4C9D-BC3F-EE0E41FD1901", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", matchCriteriaId: "07DE6F63-2C7D-415B-8C34-01EC05C062F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "102F91CD-DFB6-43D4-AE5B-DA157A696230", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", matchCriteriaId: "F70D81F1-8B12-4474-9060-B4934D8A3873", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", matchCriteriaId: "7349D69B-D8FA-4462-AA28-69DD18A652D9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "B1CC5F78-E88B-4B82-9E3E-C73D3A49DE26", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "91231DC6-2773-4238-8C14-A346F213B5E5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", matchCriteriaId: "2DF88547-BAF4-47B0-9F60-80A30297FCEB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "C45A38D6-BED6-4FEF-AD87-A1E813695DE0", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", matchCriteriaId: "F1FC2B1F-232E-4754-8076-CC82F3648730", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", matchCriteriaId: "17C7E3DB-8E1A-47AD-B1C5-61747DC0CFB9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", matchCriteriaId: "2CF467E2-4567-426E-8F48-39669E0F514C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", matchCriteriaId: "63842B25-8C32-4988-BBBD-61E9CB09B4F3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*", matchCriteriaId: "90F30A43-9E4F-4A03-8060-A38B0925DBD2", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", }, { lang: "es", value: "Una vulnerabilidad en el establecimiento de conexión VLAN de la infraestructura de Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software podría permitir a un atacante adyacente no autenticado eludir las validaciones de seguridad y conectar un servidor no autorizado a la infraestructura VLAN. La vulnerabilidad se debe a requisitos de seguridad insuficientes durante la fase de configuración del protocolo de descubrimiento de capa de enlace (LLDP) de la infraestructura VLAN. Un atacante podría aprovechar esta vulnerabilidad enviando un paquete LLDP malintencionado en la subred adyacente al conmutador Cisco Nexus 9000 Series en modo ACI. Una explotación con éxito podría permitir que el atacante conecte un servidor no autorizado a la infraestructura VLAN, que es altamente privilegiada. Con una conexión a la VLAN de infraestructura, el atacante puede realizar conexiones no autorizadas a los servicios Cisco Application Policy Infrastructure Controller (APIC) o unirse a otros puntos finales de host.", }, ], id: "CVE-2019-1890", lastModified: "2024-11-21T04:37:37.437", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.5, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4, source: "psirt@cisco.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-04T20:15:11.123", references: [ { source: "psirt@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109052", }, { source: "psirt@cisco.com", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, ], sourceIdentifier: "psirt@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "psirt@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-201907-0236
Vulnerability from variot
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. The Cisco Nexus 9000 Series Fabric Switches is a 9000 series fabric switch from Cisco. This issue is being tracked by Cisco Bug CSCvp64280
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201907-0236", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nexus series aci mode switches 11.0", scope: "eq", trust: 1.5, vendor: "cisco", version: "9000", }, { model: "application policy infrastructure controller", scope: "eq", trust: 1, vendor: "cisco", version: "7.3\\(0\\)zn\\(0.113\\)", }, { model: "application policy infrastructure controller software", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus series fabric switches", scope: "eq", trust: 0.6, vendor: "cisco", version: "9000", }, { model: "nexus series fabric switches aci mode", scope: "eq", trust: 0.3, vendor: "cisco", version: "9000-0", }, { model: "nexus series aci mode switches 14.0", scope: "eq", trust: 0.3, vendor: "cisco", version: "9000", }, { model: "nexus series aci mode switches", scope: "eq", trust: 0.3, vendor: "cisco", version: "900013.2(3.170)", }, { model: "nexus series aci mode switches 11.1", scope: "eq", trust: 0.3, vendor: "cisco", version: "9000", }, { model: "nexus series aci mode switches 14.1", scope: "ne", trust: 0.3, vendor: "cisco", version: "9000", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "BID", id: "109052", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:cisco:application_policy_infrastructure_controller:7.3\\(0\\)zn\\(0.113\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9432c-s:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9464tx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9732c-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9736c-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9348gc-fxp:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9364c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9564px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9564tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9636c-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9636c-rx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x97160yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93216tc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93240yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332c:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93360yc-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9432pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9536pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9636pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9788tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_92160yc-x:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:x9636q-r:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:9736pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9464px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9732c-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:n9k-x9736c-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9316d-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-fx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_9336c-fx2:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, { cpe23Uri: "cpe:2.3:h:cisco:nexus_93600cd-gx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-1890", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "The vendor reported this issue.", sources: [ { db: "BID", id: "109052", }, ], trust: 0.3, }, cve: "CVE-2019-1890", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, impactScore: 2.9, integrityImpact: "PARTIAL", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "LOW", trust: 1, userInteractionRequired: false, vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Adjacent Network", authentication: "None", author: "NVD", availabilityImpact: "None", baseScore: 3.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-1890", impactScore: null, integrityImpact: "Partial", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Low", trust: 0.9, userInteractionRequired: null, vectorString: "AV:A/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "CNVD", availabilityImpact: "NONE", baseScore: 6.1, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "CNVD-2019-21309", impactScore: 6.9, integrityImpact: "COMPLETE", severity: "MEDIUM", trust: 0.6, vectorString: "AV:A/AC:L/Au:N/C:N/I:C/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "ADJACENT_NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 3.3, confidentialityImpact: "NONE", exploitabilityScore: 6.5, id: "VHN-151292", impactScore: 2.9, integrityImpact: "PARTIAL", severity: "LOW", trust: 0.1, vectorString: "AV:A/AC:L/AU:N/C:N/I:P/A:N", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "NVD", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 3.6, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, { attackComplexity: "LOW", attackVector: "ADJACENT_NETWORK", author: "ykramarz@cisco.com", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "NONE", exploitabilityScore: 2.8, impactScore: 4, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, { attackComplexity: "Low", attackVector: "Adjacent Network", author: "NVD", availabilityImpact: "None", baseScore: 6.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2019-1890", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-1890", trust: 1.8, value: "MEDIUM", }, { author: "ykramarz@cisco.com", id: "CVE-2019-1890", trust: 1, value: "HIGH", }, { author: "CNVD", id: "CNVD-2019-21309", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-201907-230", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-151292", trust: 0.1, value: "LOW", }, { author: "VULMON", id: "CVE-2019-1890", trust: 0.1, value: "LOW", }, ], }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULHUB", id: "VHN-151292", }, { db: "VULMON", id: "CVE-2019-1890", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNNVD", id: "CNNVD-201907-230", }, { db: "NVD", id: "CVE-2019-1890", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints. The Cisco Nexus 9000 Series Fabric Switches is a 9000 series fabric switch from Cisco. \nThis issue is being tracked by Cisco Bug CSCvp64280", sources: [ { db: "NVD", id: "CVE-2019-1890", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNVD", id: "CNVD-2019-21309", }, { db: "BID", id: "109052", }, { db: "VULHUB", id: "VHN-151292", }, { db: "VULMON", id: "CVE-2019-1890", }, ], trust: 2.61, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-1890", trust: 3.5, }, { db: "BID", id: "109052", trust: 2.1, }, { db: "JVNDB", id: "JVNDB-2019-006200", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201907-230", trust: 0.7, }, { db: "CNVD", id: "CNVD-2019-21309", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2019.2439", trust: 0.6, }, { db: "VULHUB", id: "VHN-151292", trust: 0.1, }, { db: "VULMON", id: "CVE-2019-1890", trust: 0.1, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULHUB", id: "VHN-151292", }, { db: "VULMON", id: "CVE-2019-1890", }, { db: "BID", id: "109052", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNNVD", id: "CNNVD-201907-230", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, id: "VAR-201907-0236", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULHUB", id: "VHN-151292", }, ], trust: 1.7, }, iot_taxonomy: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { category: [ "Network device", ], sub_category: null, trust: 0.6, }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, ], }, last_update_date: "2024-02-13T23:00:58.031000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20190703-n9kaci-bypass", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-n9kaci-bypass", }, { title: "CiscoNexus 9000 Series FabricSwitches Access Control Error Vulnerability Patch", trust: 0.6, url: "https://www.cnvd.org.cn/patchinfo/show/167121", }, { title: "Cisco Nexus 9000 Series Fabric Switches Fixes for access control error vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94419", }, { title: "Cisco: Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190703-n9kaci-bypass", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULMON", id: "CVE-2019-1890", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNNVD", id: "CNNVD-201907-230", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-284", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-151292", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190703-n9kaci-bypass", }, { trust: 2, url: "https://nvd.nist.gov/vuln/detail/cve-2019-1890", }, { trust: 1.8, url: "http://www.securityfocus.com/bid/109052", }, { trust: 0.9, url: "http://www.cisco.com/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1890", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2019.2439/", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/cisco-nexus-9000-privilege-escalation-via-vlan-29692", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, ], sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULHUB", id: "VHN-151292", }, { db: "VULMON", id: "CVE-2019-1890", }, { db: "BID", id: "109052", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNNVD", id: "CNNVD-201907-230", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "VULHUB", id: "VHN-151292", }, { db: "VULMON", id: "CVE-2019-1890", }, { db: "BID", id: "109052", }, { db: "JVNDB", id: "JVNDB-2019-006200", }, { db: "CNNVD", id: "CNNVD-201907-230", }, { db: "NVD", id: "CVE-2019-1890", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-05T00:00:00", db: "CNVD", id: "CNVD-2019-21309", }, { date: "2019-07-04T00:00:00", db: "VULHUB", id: "VHN-151292", }, { date: "2019-07-04T00:00:00", db: "VULMON", id: "CVE-2019-1890", }, { date: "2019-07-03T00:00:00", db: "BID", id: "109052", }, { date: "2019-07-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-006200", }, { date: "2019-07-03T00:00:00", db: "CNNVD", id: "CNNVD-201907-230", }, { date: "2019-07-04T20:15:11.123000", db: "NVD", id: "CVE-2019-1890", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-07-05T00:00:00", db: "CNVD", id: "CNVD-2019-21309", }, { date: "2020-10-16T00:00:00", db: "VULHUB", id: "VHN-151292", }, { date: "2020-10-16T00:00:00", db: "VULMON", id: "CVE-2019-1890", }, { date: "2019-07-03T00:00:00", db: "BID", id: "109052", }, { date: "2019-07-12T00:00:00", db: "JVNDB", id: "JVNDB-2019-006200", }, { date: "2020-10-21T00:00:00", db: "CNNVD", id: "CNNVD-201907-230", }, { date: "2020-10-16T15:09:50.100000", db: "NVD", id: "CVE-2019-1890", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote or local", sources: [ { db: "CNNVD", id: "CNNVD-201907-230", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Nexus 9000 Series Fabric Switches Access Control Error Vulnerability", sources: [ { db: "CNVD", id: "CNVD-2019-21309", }, { db: "CNNVD", id: "CNNVD-201907-230", }, ], trust: 1.2, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201907-230", }, ], trust: 0.6, }, }
ghsa-6gv5-cvcq-3x2c
Vulnerability from github
Published
2022-05-24 16:49
Modified
2024-04-04 01:11
Severity ?
Details
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
{ affected: [], aliases: [ "CVE-2019-1890", ], database_specific: { cwe_ids: [ "CWE-284", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2019-07-04T20:15:00Z", severity: "MODERATE", }, details: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.", id: "GHSA-6gv5-cvcq-3x2c", modified: "2024-04-04T01:11:44Z", published: "2022-05-24T16:49:33Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-1890", }, { type: "WEB", url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { type: "WEB", url: "http://www.securityfocus.com/bid/109052", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", type: "CVSS_V3", }, ], }
cisco-sa-20190703-n9kaci-bypass
Vulnerability from csaf_cisco
Published
2019-07-03 16:00
Modified
2019-07-03 16:00
Summary
Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
Notes
Summary
A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN.
The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.
Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass"]
Vulnerable Products
This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 14.1(2g) and are using the default permissive mode setting for fabric secure mode. Refer to the Workarounds ["#wa"] section for further information.
For information about fixed software releases, see the Fixed Software ["#fs"] section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following Cisco products if they are running the Cisco FXOS or Cisco NX-OS Software:
Firepower 2100 Series
Firepower 4100 Series
Firepower 9300 Security Appliances
MDS 9000 Series Multilayer Switches
Nexus 1000V Switch for Microsoft Hyper-V
Nexus 1000V Switch for VMware vSphere
Nexus 3000 Series Switches
Nexus 3500 Platform Switches
Nexus 3600 Platform Switches
Nexus 5500 Platform Switches
Nexus 5600 Platform Switches
Nexus 6000 Series Switches
Nexus 7000 Series Switches
Nexus 7700 Series Switches
Nexus 9000 Series Switches in standalone NX-OS mode
Nexus 9500 R-Series Switching Platform
UCS 6200 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects
UCS 6400 Series Fabric Interconnects
Workarounds
If strict mode is configured, this vulnerability cannot be exploited. Strict mode enforces the following further firmware security checks before allowing a connection:
Allows only switches with a valid Cisco serial number and Secure Sockets Layer (SSL) certificate.
Requires serial number-based authorization.
Requires an administrator to manually authorize controllers and switches to join the fabric.
Administrators can determine if an interface is configured in strict mode by verifying that the system fabric-security-mode strict command is present in the running configuration.
apic# show running-config | grep strict system fabric-security-mode strict
For additional information on configuring strict mode, refer to Configuring Fabric Secure Mode ["https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_01110.html#task_E123581BDA62418284F2206981AC322B"].
Fixed Software
Cisco has released free software updates ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html ["https://www.cisco.com/c/en/us/products/end-user-license-agreement.html"]
Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html ["https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html"]
Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.
Fixed Releases
This vulnerability is fixed in Cisco Nexus 9000 Series ACI Mode Switch Software Release 14.1(2g) and later.
Vulnerability Policy
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
Cisco would like to thank Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH for reporting this vulnerability.
Legal Disclaimer
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
{ document: { acknowledgments: [ { summary: "Cisco would like to thank Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH for reporting this vulnerability.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", notes: [ { category: "summary", text: "A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN.\r\n\r\nThe vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.\r\n\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass\"]", title: "Summary", }, { category: "general", text: "This vulnerability affects Cisco Nexus 9000 Series Fabric Switches in ACI mode if they are running a Cisco Nexus 9000 Series ACI Mode Switch Software release prior to 14.1(2g) and are using the default permissive mode setting for fabric secure mode. Refer to the Workarounds [\"#wa\"] section for further information.\r\n\r\nFor information about fixed software releases, see the Fixed Software [\"#fs\"] section of this advisory.", title: "Vulnerable Products", }, { category: "general", text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that this vulnerability does not affect the following Cisco products if they are running the Cisco FXOS or Cisco NX-OS Software:\r\n\r\nFirepower 2100 Series\r\nFirepower 4100 Series\r\nFirepower 9300 Security Appliances\r\nMDS 9000 Series Multilayer Switches\r\nNexus 1000V Switch for Microsoft Hyper-V\r\nNexus 1000V Switch for VMware vSphere\r\nNexus 3000 Series Switches\r\nNexus 3500 Platform Switches\r\nNexus 3600 Platform Switches\r\nNexus 5500 Platform Switches\r\nNexus 5600 Platform Switches\r\nNexus 6000 Series Switches\r\nNexus 7000 Series Switches\r\nNexus 7700 Series Switches\r\nNexus 9000 Series Switches in standalone NX-OS mode\r\nNexus 9500 R-Series Switching Platform\r\nUCS 6200 Series Fabric Interconnects\r\nUCS 6300 Series Fabric Interconnects\r\nUCS 6400 Series Fabric Interconnects", title: "Products Confirmed Not Vulnerable", }, { category: "general", text: "If strict mode is configured, this vulnerability cannot be exploited. Strict mode enforces the following further firmware security checks before allowing a connection:\r\n\r\nAllows only switches with a valid Cisco serial number and Secure Sockets Layer (SSL) certificate.\r\nRequires serial number-based authorization.\r\nRequires an administrator to manually authorize controllers and switches to join the fabric.\r\n\r\nAdministrators can determine if an interface is configured in strict mode by verifying that the system fabric-security-mode strict command is present in the running configuration.\r\n\r\n\r\n\r\napic# show running-config | grep strict system fabric-security-mode strict\r\n\r\nFor additional information on configuring strict mode, refer to Configuring Fabric Secure Mode [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_01110.html#task_E123581BDA62418284F2206981AC322B\"].", title: "Workarounds", }, { category: "general", text: "Cisco has released free software updates [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"] that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html [\"https://www.cisco.com/c/en/us/products/end-user-license-agreement.html\"]\r\n\r\nAdditionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.\r\n\r\nWhen considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.\r\n\r\nCustomers Without Service Contracts\r\n\r\nCustomers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:\r\nhttps://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html [\"https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html\"]\r\n\r\nCustomers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.\r\n\r\nFixed Releases\r\n\r\nThis vulnerability is fixed in Cisco Nexus 9000 Series ACI Mode Switch Software Release 14.1(2g) and later.", title: "Fixed Software", }, { category: "general", text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.", title: "Vulnerability Policy", }, { category: "general", text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.", title: "Exploitation and Public Announcements", }, { category: "general", text: "Cisco would like to thank Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH for reporting this vulnerability.", title: "Source", }, { category: "legal_disclaimer", text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.", title: "Legal Disclaimer", }, ], publisher: { category: "vendor", contact_details: "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.", issuing_authority: "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", name: "Cisco", namespace: "https://wwww.cisco.com", }, references: [ { category: "self", summary: "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { category: "external", summary: "Cisco Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, { category: "external", summary: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass", }, { category: "external", summary: "Configuring Fabric Secure Mode", url: "https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_01110.html#task_E123581BDA62418284F2206981AC322B", }, { category: "external", summary: "free software updates", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes", }, { category: "external", summary: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", url: "https://www.cisco.com/c/en/us/products/end-user-license-agreement.html", }, { category: "external", summary: "Cisco Security Advisories and Alerts page", url: "https://www.cisco.com/go/psirt", }, { category: "external", summary: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", url: "https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html", }, { category: "external", summary: "Security Vulnerability Policy", url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html", }, ], title: "Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability", tracking: { current_release_date: "2019-07-03T16:00:00+00:00", generator: { date: "2022-09-03T03:08:50+00:00", engine: { name: "TVCE", }, }, id: "cisco-sa-20190703-n9kaci-bypass", initial_release_date: "2019-07-03T16:00:00+00:00", revision_history: [ { date: "2019-07-03T14:33:06+00:00", number: "1.0.0", summary: "Initial public release.", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { branches: [ { category: "service_pack", name: "11.1(1j)", product: { name: "11.1(1j)", product_id: "CSAFPID-241206", }, }, { category: "service_pack", name: "11.1(1o)", product: { name: "11.1(1o)", product_id: "CSAFPID-241237", }, }, { category: "service_pack", name: "11.1(1r)", product: { name: "11.1(1r)", product_id: "CSAFPID-241238", }, }, { category: "service_pack", name: "11.1(1s)", product: { name: "11.1(1s)", product_id: "CSAFPID-241239", }, }, { category: "service_pack", name: "11.1(2h)", product: { name: "11.1(2h)", product_id: "CSAFPID-241240", }, }, { category: "service_pack", name: "11.1(2i)", product: { name: "11.1(2i)", product_id: "CSAFPID-241241", }, }, { category: "service_pack", name: "11.1(3f)", product: { name: "11.1(3f)", product_id: "CSAFPID-241242", }, }, { category: "service_pack", name: "11.1(4e)", product: { name: "11.1(4e)", product_id: "CSAFPID-241243", }, }, { category: "service_pack", name: "11.1(4f)", product: { name: "11.1(4f)", product_id: "CSAFPID-257359", }, }, { category: "service_pack", name: "11.1(4g)", product: { name: "11.1(4g)", product_id: "CSAFPID-257360", }, }, { category: "service_pack", name: "11.1(4i)", product: { name: "11.1(4i)", product_id: "CSAFPID-257361", }, }, { category: "service_pack", name: "11.1(4l)", product: { name: "11.1(4l)", product_id: "CSAFPID-257362", }, }, { category: "service_pack", name: "11.1(4m)", product: { name: "11.1(4m)", product_id: "CSAFPID-257363", }, }, ], category: "product_version", name: "11.1", }, { branches: [ { category: "service_pack", name: "11.2(1i)", product: { name: "11.2(1i)", product_id: "CSAFPID-241208", }, }, { category: "service_pack", name: "11.2(2g)", product: { name: "11.2(2g)", product_id: "CSAFPID-241235", }, }, { category: "service_pack", name: "11.2(3c)", product: { name: "11.2(3c)", product_id: "CSAFPID-241236", }, }, { category: "service_pack", name: "11.2(2h)", product: { name: "11.2(2h)", product_id: "CSAFPID-241366", }, }, { category: "service_pack", name: "11.2(2i)", product: { name: "11.2(2i)", product_id: "CSAFPID-241367", }, }, { category: "service_pack", name: "11.2(3e)", product: { name: "11.2(3e)", product_id: "CSAFPID-241368", }, }, { category: "service_pack", name: "11.2(3h)", product: { name: "11.2(3h)", product_id: "CSAFPID-241369", }, }, { category: "service_pack", name: "11.2(3m)", product: { name: "11.2(3m)", product_id: "CSAFPID-241370", }, }, { category: "service_pack", name: "11.2(1k)", product: { name: "11.2(1k)", product_id: "CSAFPID-257364", }, }, { category: "service_pack", name: "11.2(1m)", product: { name: "11.2(1m)", product_id: "CSAFPID-257365", }, }, { category: "service_pack", name: "11.2(2j)", product: { name: "11.2(2j)", product_id: "CSAFPID-257366", }, }, ], category: "product_version", name: "11.2", }, { branches: [ { category: "service_pack", name: "12.0(1m)", product: { name: "12.0(1m)", product_id: "CSAFPID-241210", }, }, { category: "service_pack", name: "12.0(2g)", product: { name: "12.0(2g)", product_id: "CSAFPID-241231", }, }, { category: "service_pack", name: "12.0(1n)", product: { name: "12.0(1n)", product_id: "CSAFPID-241351", }, }, { category: "service_pack", name: "12.0(1o)", product: { name: "12.0(1o)", product_id: "CSAFPID-241352", }, }, { category: "service_pack", name: "12.0(1p)", product: { name: "12.0(1p)", product_id: "CSAFPID-241353", }, }, { category: "service_pack", name: "12.0(1q)", product: { name: "12.0(1q)", product_id: "CSAFPID-241354", }, }, { category: "service_pack", name: "12.0(2h)", product: { name: "12.0(2h)", product_id: "CSAFPID-241355", }, }, { category: "service_pack", name: "12.0(2l)", product: { name: "12.0(2l)", product_id: "CSAFPID-241356", }, }, { category: "service_pack", name: "12.0(2m)", product: { name: "12.0(2m)", product_id: "CSAFPID-241357", }, }, { category: "service_pack", name: "12.0(2n)", product: { name: "12.0(2n)", product_id: "CSAFPID-241358", }, }, { category: "service_pack", name: "12.0(2o)", product: { name: "12.0(2o)", product_id: "CSAFPID-241359", }, }, { category: "service_pack", name: "12.0(2f)", product: { name: "12.0(2f)", product_id: "CSAFPID-241360", }, }, { category: "service_pack", name: "12.0(1r)", product: { name: "12.0(1r)", product_id: "CSAFPID-257369", }, }, ], category: "product_version", name: "12.0", }, { branches: [ { category: "service_pack", name: "12.1(1h)", product: { name: "12.1(1h)", product_id: "CSAFPID-241212", }, }, { category: "service_pack", name: "12.1(2e)", product: { name: "12.1(2e)", product_id: "CSAFPID-241228", }, }, { category: "service_pack", name: "12.1(3g)", product: { name: "12.1(3g)", product_id: "CSAFPID-241229", }, }, { category: "service_pack", name: "12.1(4a)", product: { name: "12.1(4a)", product_id: "CSAFPID-241230", }, }, { category: "service_pack", name: "12.1(1i)", product: { name: "12.1(1i)", product_id: "CSAFPID-241283", }, }, { category: "service_pack", name: "12.1(2g)", product: { name: "12.1(2g)", product_id: "CSAFPID-241309", }, }, { category: "service_pack", name: "12.1(2k)", product: { name: "12.1(2k)", product_id: "CSAFPID-241310", }, }, { category: "service_pack", name: "12.1(3h)", product: { name: "12.1(3h)", product_id: "CSAFPID-241349", }, }, { category: "service_pack", name: "12.1(3j)", product: { name: "12.1(3j)", product_id: "CSAFPID-241350", }, }, ], category: "product_version", name: "12.1", }, { branches: [ { category: "service_pack", name: "12.2(1n)", product: { name: "12.2(1n)", product_id: "CSAFPID-241214", }, }, { category: "service_pack", name: "12.2(2e)", product: { name: "12.2(2e)", product_id: "CSAFPID-241225", }, }, { category: "service_pack", name: "12.2(3j)", product: { name: "12.2(3j)", product_id: "CSAFPID-241226", }, }, { category: "service_pack", name: "12.2(4f)", product: { name: "12.2(4f)", product_id: "CSAFPID-241227", }, }, { category: "service_pack", name: "12.2(4p)", product: { name: "12.2(4p)", product_id: "CSAFPID-241268", }, }, { category: "service_pack", name: "12.2(3p)", product: { name: "12.2(3p)", product_id: "CSAFPID-241272", }, }, { category: "service_pack", name: "12.2(3r)", product: { name: "12.2(3r)", product_id: "CSAFPID-241273", }, }, { category: "service_pack", name: "12.2(3s)", product: { name: "12.2(3s)", product_id: "CSAFPID-241274", }, }, { category: "service_pack", name: "12.2(3t)", product: { name: "12.2(3t)", product_id: "CSAFPID-241275", }, }, { category: "service_pack", name: "12.2(2f)", product: { name: "12.2(2f)", product_id: "CSAFPID-241276", }, }, { category: "service_pack", name: "12.2(2g)", product: { name: "12.2(2g)", product_id: "CSAFPID-241277", }, }, { category: "service_pack", name: "12.2(2i)", product: { name: "12.2(2i)", product_id: "CSAFPID-241278", }, }, { category: "service_pack", name: "12.2(2j)", product: { name: "12.2(2j)", product_id: "CSAFPID-241279", }, }, { category: "service_pack", name: "12.2(2k)", product: { name: "12.2(2k)", product_id: "CSAFPID-241280", }, }, { category: "service_pack", name: "12.2(2q)", product: { name: "12.2(2q)", product_id: "CSAFPID-241281", }, }, { category: "service_pack", name: "12.2(1o)", product: { name: "12.2(1o)", product_id: "CSAFPID-241282", }, }, { category: "service_pack", name: "12.2(4q)", product: { name: "12.2(4q)", product_id: "CSAFPID-257370", }, }, { category: "service_pack", name: "12.2(4r)", product: { name: "12.2(4r)", product_id: "CSAFPID-257371", }, }, { category: "service_pack", name: "12.2(1k)", product: { name: "12.2(1k)", product_id: "CSAFPID-264659", }, }, ], category: "product_version", name: "12.2", }, { branches: [ { category: "service_pack", name: "12.3(1e)", product: { name: "12.3(1e)", product_id: "CSAFPID-241216", }, }, { category: "service_pack", name: "12.3(1f)", product: { name: "12.3(1f)", product_id: "CSAFPID-241263", }, }, { category: "service_pack", name: "12.3(1i)", product: { name: "12.3(1i)", product_id: "CSAFPID-241264", }, }, { category: "service_pack", name: "12.3(1l)", product: { name: "12.3(1l)", product_id: "CSAFPID-241265", }, }, { category: "service_pack", name: "12.3(1o)", product: { name: "12.3(1o)", product_id: "CSAFPID-241266", }, }, { category: "service_pack", name: "12.3(1p)", product: { name: "12.3(1p)", product_id: "CSAFPID-241267", }, }, ], category: "product_version", name: "12.3", }, { branches: [ { category: "service_pack", name: "13.0(1k)", product: { name: "13.0(1k)", product_id: "CSAFPID-241218", }, }, { category: "service_pack", name: "13.0(2h)", product: { name: "13.0(2h)", product_id: "CSAFPID-241224", }, }, { category: "service_pack", name: "13.0(2k)", product: { name: "13.0(2k)", product_id: "CSAFPID-241261", }, }, { category: "service_pack", name: "13.0(2n)", product: { name: "13.0(2n)", product_id: "CSAFPID-241262", }, }, { category: "service_pack", name: "13.0(1i)", product: { name: "13.0(1i)", product_id: "CSAFPID-264657", }, }, { category: "service_pack", name: "13.0(2m)", product: { name: "13.0(2m)", product_id: "CSAFPID-264658", }, }, ], category: "product_version", name: "13.0", }, { branches: [ { category: "service_pack", name: "13.1(1i)", product: { name: "13.1(1i)", product_id: "CSAFPID-241220", }, }, { category: "service_pack", name: "13.1(2m)", product: { name: "13.1(2m)", product_id: "CSAFPID-241223", }, }, { category: "service_pack", name: "13.1(2o)", product: { name: "13.1(2o)", product_id: "CSAFPID-241258", }, }, { category: "service_pack", name: "13.1(2p)", product: { name: "13.1(2p)", product_id: "CSAFPID-241259", }, }, { category: "service_pack", name: "13.1(2q)", product: { name: "13.1(2q)", product_id: "CSAFPID-241260", }, }, { category: "service_pack", name: "13.1(2s)", product: { name: "13.1(2s)", product_id: "CSAFPID-257372", }, }, { category: "service_pack", name: "13.1(2t)", product: { name: "13.1(2t)", product_id: "CSAFPID-257373", }, }, { category: "service_pack", name: "13.1(2u)", product: { name: "13.1(2u)", product_id: "CSAFPID-264656", }, }, { category: "service_pack", name: "13.1(2v)", product: { name: "13.1(2v)", product_id: "CSAFPID-273934", }, }, ], category: "product_version", name: "13.1", }, { branches: [ { category: "service_pack", name: "13.2(1l)", product: { name: "13.2(1l)", product_id: "CSAFPID-241222", }, }, { category: "service_pack", name: "13.2(1m)", product: { name: "13.2(1m)", product_id: "CSAFPID-241257", }, }, { category: "service_pack", name: "13.2(2l)", product: { name: "13.2(2l)", product_id: "CSAFPID-257374", }, }, { category: "service_pack", name: "13.2(2o)", product: { name: "13.2(2o)", product_id: "CSAFPID-257375", }, }, { category: "service_pack", name: "13.2(3i)", product: { name: "13.2(3i)", product_id: "CSAFPID-257376", }, }, { category: "service_pack", name: "13.2(3n)", product: { name: "13.2(3n)", product_id: "CSAFPID-257377", }, }, { category: "service_pack", name: "13.2(3o)", product: { name: "13.2(3o)", product_id: "CSAFPID-257378", }, }, { category: "service_pack", name: "13.2(3r)", product: { name: "13.2(3r)", product_id: "CSAFPID-257379", }, }, { category: "service_pack", name: "13.2(4d)", product: { name: "13.2(4d)", product_id: "CSAFPID-257757", }, }, { category: "service_pack", name: "13.2(4e)", product: { name: "13.2(4e)", product_id: "CSAFPID-257758", }, }, { category: "service_pack", name: "13.2(3j)", product: { name: "13.2(3j)", product_id: "CSAFPID-264650", }, }, { category: "service_pack", name: "13.2(3s)", product: { name: "13.2(3s)", product_id: "CSAFPID-264651", }, }, { category: "service_pack", name: "13.2(5d)", product: { name: "13.2(5d)", product_id: "CSAFPID-264652", }, }, { category: "service_pack", name: "13.2(5e)", product: { name: "13.2(5e)", product_id: "CSAFPID-264653", }, }, { category: "service_pack", name: "13.2(5f)", product: { name: "13.2(5f)", product_id: "CSAFPID-264654", }, }, { category: "service_pack", name: "13.2(6i)", product: { name: "13.2(6i)", product_id: "CSAFPID-264655", }, }, { category: "service_pack", name: "13.2(41d)", product: { name: "13.2(41d)", product_id: "CSAFPID-273935", }, }, { category: "service_pack", name: "13.2(7f)", product: { name: "13.2(7f)", product_id: "CSAFPID-273936", }, }, { category: "service_pack", name: "13.2(7k)", product: { name: "13.2(7k)", product_id: "CSAFPID-273937", }, }, ], category: "product_version", name: "13.2", }, { branches: [ { category: "service_pack", name: "11.3(1g)", product: { name: "11.3(1g)", product_id: "CSAFPID-241233", }, }, { category: "service_pack", name: "11.3(2f)", product: { name: "11.3(2f)", product_id: "CSAFPID-241234", }, }, { category: "service_pack", name: "11.3(1h)", product: { name: "11.3(1h)", product_id: "CSAFPID-241361", }, }, { category: "service_pack", name: "11.3(1i)", product: { name: "11.3(1i)", product_id: "CSAFPID-241362", }, }, { category: "service_pack", name: "11.3(2h)", product: { name: "11.3(2h)", product_id: "CSAFPID-241363", }, }, { category: "service_pack", name: "11.3(2i)", product: { name: "11.3(2i)", product_id: "CSAFPID-241364", }, }, { category: "service_pack", name: "11.3(2k)", product: { name: "11.3(2k)", product_id: "CSAFPID-241365", }, }, { category: "service_pack", name: "11.3(1j)", product: { name: "11.3(1j)", product_id: "CSAFPID-257367", }, }, { category: "service_pack", name: "11.3(2j)", product: { name: "11.3(2j)", product_id: "CSAFPID-257368", }, }, ], category: "product_version", name: "11.3", }, { branches: [ { category: "service_pack", name: "14.0(1h)", product: { name: "14.0(1h)", product_id: "CSAFPID-257580", }, }, { category: "service_pack", name: "14.0(2c)", product: { name: "14.0(2c)", product_id: "CSAFPID-257581", }, }, { category: "service_pack", name: "14.0(3d)", product: { name: "14.0(3d)", product_id: "CSAFPID-259822", }, }, { category: "service_pack", name: "14.0(3c)", product: { name: "14.0(3c)", product_id: "CSAFPID-264644", }, }, ], category: "product_version", name: "14.0", }, { branches: [ { category: "service_pack", name: "14.1(1i)", product: { name: "14.1(1i)", product_id: "CSAFPID-264646", }, }, { category: "service_pack", name: "14.1(1j)", product: { name: "14.1(1j)", product_id: "CSAFPID-264647", }, }, { category: "service_pack", name: "14.1(1k)", product: { name: "14.1(1k)", product_id: "CSAFPID-264648", }, }, { category: "service_pack", name: "14.1(1l)", product: { name: "14.1(1l)", product_id: "CSAFPID-264649", }, }, ], category: "product_version", name: "14.1", }, ], category: "product_family", name: "Cisco NX-OS System Software in ACI Mode", }, { category: "product_name", name: "Cisco Nexus 9000 Series Switches", product: { name: "Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-265096", }, }, ], category: "vendor", name: "Cisco", }, ], relationships: [ { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(1j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241206:265096", }, product_reference: "CSAFPID-241206", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(1o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241237:265096", }, product_reference: "CSAFPID-241237", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(1r) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241238:265096", }, product_reference: "CSAFPID-241238", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(1s) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241239:265096", }, product_reference: "CSAFPID-241239", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(2h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241240:265096", }, product_reference: "CSAFPID-241240", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(2i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241241:265096", }, product_reference: "CSAFPID-241241", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(3f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241242:265096", }, product_reference: "CSAFPID-241242", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241243:265096", }, product_reference: "CSAFPID-241243", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257359:265096", }, product_reference: "CSAFPID-257359", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257360:265096", }, product_reference: "CSAFPID-257360", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257361:265096", }, product_reference: "CSAFPID-257361", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257362:265096", }, product_reference: "CSAFPID-257362", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.1(4m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257363:265096", }, product_reference: "CSAFPID-257363", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241208:265096", }, product_reference: "CSAFPID-241208", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(2g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241235:265096", }, product_reference: "CSAFPID-241235", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(3c) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241236:265096", }, product_reference: "CSAFPID-241236", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(2h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241366:265096", }, product_reference: "CSAFPID-241366", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(2i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241367:265096", }, product_reference: "CSAFPID-241367", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(3e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241368:265096", }, product_reference: "CSAFPID-241368", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(3h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241369:265096", }, product_reference: "CSAFPID-241369", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(3m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241370:265096", }, product_reference: "CSAFPID-241370", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(1k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257364:265096", }, product_reference: "CSAFPID-257364", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(1m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257365:265096", }, product_reference: "CSAFPID-257365", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.2(2j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257366:265096", }, product_reference: "CSAFPID-257366", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241210:265096", }, product_reference: "CSAFPID-241210", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241231:265096", }, product_reference: "CSAFPID-241231", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1n) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241351:265096", }, product_reference: "CSAFPID-241351", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241352:265096", }, product_reference: "CSAFPID-241352", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1p) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241353:265096", }, product_reference: "CSAFPID-241353", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1q) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241354:265096", }, product_reference: "CSAFPID-241354", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241355:265096", }, product_reference: "CSAFPID-241355", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241356:265096", }, product_reference: "CSAFPID-241356", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241357:265096", }, product_reference: "CSAFPID-241357", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2n) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241358:265096", }, product_reference: "CSAFPID-241358", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241359:265096", }, product_reference: "CSAFPID-241359", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(2f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241360:265096", }, product_reference: "CSAFPID-241360", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.0(1r) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257369:265096", }, product_reference: "CSAFPID-257369", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(1h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241212:265096", }, product_reference: "CSAFPID-241212", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(2e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241228:265096", }, product_reference: "CSAFPID-241228", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(3g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241229:265096", }, product_reference: "CSAFPID-241229", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(4a) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241230:265096", }, product_reference: "CSAFPID-241230", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241283:265096", }, product_reference: "CSAFPID-241283", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(2g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241309:265096", }, product_reference: "CSAFPID-241309", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(2k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241310:265096", }, product_reference: "CSAFPID-241310", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(3h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241349:265096", }, product_reference: "CSAFPID-241349", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.1(3j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241350:265096", }, product_reference: "CSAFPID-241350", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(1n) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241214:265096", }, product_reference: "CSAFPID-241214", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241225:265096", }, product_reference: "CSAFPID-241225", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(3j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241226:265096", }, product_reference: "CSAFPID-241226", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(4f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241227:265096", }, product_reference: "CSAFPID-241227", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(4p) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241268:265096", }, product_reference: "CSAFPID-241268", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(3p) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241272:265096", }, product_reference: "CSAFPID-241272", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(3r) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241273:265096", }, product_reference: "CSAFPID-241273", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(3s) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241274:265096", }, product_reference: "CSAFPID-241274", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(3t) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241275:265096", }, product_reference: "CSAFPID-241275", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241276:265096", }, product_reference: "CSAFPID-241276", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241278:265096", }, product_reference: "CSAFPID-241278", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241279:265096", }, product_reference: "CSAFPID-241279", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241280:265096", }, product_reference: "CSAFPID-241280", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(2q) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241281:265096", }, product_reference: "CSAFPID-241281", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(1o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241282:265096", }, product_reference: "CSAFPID-241282", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(4q) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257370:265096", }, product_reference: "CSAFPID-257370", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(4r) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257371:265096", }, product_reference: "CSAFPID-257371", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.2(1k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264659:265096", }, product_reference: "CSAFPID-264659", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241216:265096", }, product_reference: "CSAFPID-241216", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241263:265096", }, product_reference: "CSAFPID-241263", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241264:265096", }, product_reference: "CSAFPID-241264", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241265:265096", }, product_reference: "CSAFPID-241265", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241266:265096", }, product_reference: "CSAFPID-241266", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 12.3(1p) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241267:265096", }, product_reference: "CSAFPID-241267", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.0(1k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241218:265096", }, product_reference: "CSAFPID-241218", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.0(2h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241224:265096", }, product_reference: "CSAFPID-241224", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.0(2k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241261:265096", }, product_reference: "CSAFPID-241261", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.0(2n) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241262:265096", }, product_reference: "CSAFPID-241262", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241220:265096", }, product_reference: "CSAFPID-241220", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241223:265096", }, product_reference: "CSAFPID-241223", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241258:265096", }, product_reference: "CSAFPID-241258", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2p) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241259:265096", }, product_reference: "CSAFPID-241259", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2q) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241260:265096", }, product_reference: "CSAFPID-241260", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2s) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257372:265096", }, product_reference: "CSAFPID-257372", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2t) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257373:265096", }, product_reference: "CSAFPID-257373", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2u) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264656:265096", }, product_reference: "CSAFPID-264656", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.1(2v) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-273934:265096", }, product_reference: "CSAFPID-273934", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(1l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241222:265096", }, product_reference: "CSAFPID-241222", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(1m) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241257:265096", }, product_reference: "CSAFPID-241257", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(2l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257374:265096", }, product_reference: "CSAFPID-257374", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(2o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257375:265096", }, product_reference: "CSAFPID-257375", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257376:265096", }, product_reference: "CSAFPID-257376", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3n) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257377:265096", }, product_reference: "CSAFPID-257377", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3o) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257378:265096", }, product_reference: "CSAFPID-257378", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3r) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257379:265096", }, product_reference: "CSAFPID-257379", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(4d) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257757:265096", }, product_reference: "CSAFPID-257757", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(4e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257758:265096", }, product_reference: "CSAFPID-257758", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264650:265096", }, product_reference: "CSAFPID-264650", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(3s) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264651:265096", }, product_reference: "CSAFPID-264651", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(5d) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264652:265096", }, product_reference: "CSAFPID-264652", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(5e) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264653:265096", }, product_reference: "CSAFPID-264653", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(5f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264654:265096", }, product_reference: "CSAFPID-264654", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(6i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264655:265096", }, product_reference: "CSAFPID-264655", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(41d) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-273935:265096", }, product_reference: "CSAFPID-273935", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(7f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-273936:265096", }, product_reference: "CSAFPID-273936", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 13.2(7k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-273937:265096", }, product_reference: "CSAFPID-273937", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(1g) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241233:265096", }, product_reference: "CSAFPID-241233", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(2f) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241234:265096", }, product_reference: "CSAFPID-241234", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(1h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241361:265096", }, product_reference: "CSAFPID-241361", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241362:265096", }, product_reference: "CSAFPID-241362", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(2h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241363:265096", }, product_reference: "CSAFPID-241363", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(2i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241364:265096", }, product_reference: "CSAFPID-241364", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(2k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-241365:265096", }, product_reference: "CSAFPID-241365", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(1j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257367:265096", }, product_reference: "CSAFPID-257367", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 11.3(2j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257368:265096", }, product_reference: "CSAFPID-257368", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.0(1h) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257580:265096", }, product_reference: "CSAFPID-257580", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.0(2c) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-257581:265096", }, product_reference: "CSAFPID-257581", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.0(3d) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-259822:265096", }, product_reference: "CSAFPID-259822", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.0(3c) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264644:265096", }, product_reference: "CSAFPID-264644", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.1(1i) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264646:265096", }, product_reference: "CSAFPID-264646", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.1(1j) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264647:265096", }, product_reference: "CSAFPID-264647", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.1(1k) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264648:265096", }, product_reference: "CSAFPID-264648", relates_to_product_reference: "CSAFPID-265096", }, { category: "installed_on", full_product_name: { name: "Cisco NX-OS System Software in ACI Mode 14.1(1l) when installed on Cisco Nexus 9000 Series Switches", product_id: "CSAFPID-264649:265096", }, product_reference: "CSAFPID-264649", relates_to_product_reference: "CSAFPID-265096", }, ], }, vulnerabilities: [ { cve: "CVE-2019-1890", ids: [ { system_name: "Cisco Bug ID", text: "CSCvp64280", }, ], notes: [ { category: "other", text: "Complete.", title: "Affected Product Comprehensiveness", }, ], product_status: { known_affected: [ "CSAFPID-241206:265096", "CSAFPID-241208:265096", "CSAFPID-241210:265096", "CSAFPID-241212:265096", "CSAFPID-241214:265096", "CSAFPID-241216:265096", "CSAFPID-241218:265096", "CSAFPID-241220:265096", "CSAFPID-241222:265096", "CSAFPID-241223:265096", "CSAFPID-241224:265096", "CSAFPID-241225:265096", "CSAFPID-241226:265096", "CSAFPID-241227:265096", "CSAFPID-241228:265096", "CSAFPID-241229:265096", "CSAFPID-241230:265096", "CSAFPID-241231:265096", "CSAFPID-241233:265096", "CSAFPID-241234:265096", "CSAFPID-241235:265096", "CSAFPID-241236:265096", "CSAFPID-241237:265096", "CSAFPID-241238:265096", "CSAFPID-241239:265096", "CSAFPID-241240:265096", "CSAFPID-241241:265096", "CSAFPID-241242:265096", "CSAFPID-241243:265096", "CSAFPID-241257:265096", "CSAFPID-241258:265096", "CSAFPID-241259:265096", "CSAFPID-241260:265096", "CSAFPID-241261:265096", "CSAFPID-241262:265096", "CSAFPID-241263:265096", "CSAFPID-241264:265096", "CSAFPID-241265:265096", "CSAFPID-241266:265096", "CSAFPID-241267:265096", "CSAFPID-241268:265096", "CSAFPID-241272:265096", "CSAFPID-241273:265096", "CSAFPID-241274:265096", "CSAFPID-241275:265096", "CSAFPID-241276:265096", "CSAFPID-241277", "CSAFPID-241278:265096", "CSAFPID-241279:265096", "CSAFPID-241280:265096", "CSAFPID-241281:265096", "CSAFPID-241282:265096", "CSAFPID-241283:265096", "CSAFPID-241309:265096", "CSAFPID-241310:265096", "CSAFPID-241349:265096", "CSAFPID-241350:265096", "CSAFPID-241351:265096", "CSAFPID-241352:265096", "CSAFPID-241353:265096", "CSAFPID-241354:265096", "CSAFPID-241355:265096", "CSAFPID-241356:265096", "CSAFPID-241357:265096", "CSAFPID-241358:265096", "CSAFPID-241359:265096", "CSAFPID-241360:265096", "CSAFPID-241361:265096", "CSAFPID-241362:265096", "CSAFPID-241363:265096", "CSAFPID-241364:265096", "CSAFPID-241365:265096", "CSAFPID-241366:265096", "CSAFPID-241367:265096", "CSAFPID-241368:265096", "CSAFPID-241369:265096", "CSAFPID-241370:265096", "CSAFPID-257359:265096", "CSAFPID-257360:265096", "CSAFPID-257361:265096", "CSAFPID-257362:265096", "CSAFPID-257363:265096", "CSAFPID-257364:265096", "CSAFPID-257365:265096", "CSAFPID-257366:265096", "CSAFPID-257367:265096", "CSAFPID-257368:265096", "CSAFPID-257369:265096", "CSAFPID-257370:265096", "CSAFPID-257371:265096", "CSAFPID-257372:265096", "CSAFPID-257373:265096", "CSAFPID-257374:265096", "CSAFPID-257375:265096", "CSAFPID-257376:265096", "CSAFPID-257377:265096", "CSAFPID-257378:265096", "CSAFPID-257379:265096", "CSAFPID-257580:265096", "CSAFPID-257581:265096", "CSAFPID-257757:265096", "CSAFPID-257758:265096", "CSAFPID-259822:265096", "CSAFPID-264644:265096", "CSAFPID-264646:265096", "CSAFPID-264647:265096", "CSAFPID-264648:265096", "CSAFPID-264649:265096", "CSAFPID-264650:265096", "CSAFPID-264651:265096", "CSAFPID-264652:265096", "CSAFPID-264653:265096", "CSAFPID-264654:265096", "CSAFPID-264655:265096", "CSAFPID-264656:265096", "CSAFPID-264657", "CSAFPID-264658", "CSAFPID-264659:265096", "CSAFPID-273934:265096", "CSAFPID-273935:265096", "CSAFPID-273936:265096", "CSAFPID-273937:265096", ], }, release_date: "2019-07-03T16:00:00+00:00", remediations: [ { category: "vendor_fix", details: "Cisco has released software updates that address this vulnerability.", product_ids: [ "CSAFPID-241206:265096", "CSAFPID-241208:265096", "CSAFPID-241210:265096", "CSAFPID-241212:265096", "CSAFPID-241214:265096", "CSAFPID-241216:265096", "CSAFPID-241218:265096", "CSAFPID-241220:265096", "CSAFPID-241222:265096", "CSAFPID-241223:265096", "CSAFPID-241224:265096", "CSAFPID-241225:265096", "CSAFPID-241226:265096", "CSAFPID-241227:265096", "CSAFPID-241228:265096", "CSAFPID-241229:265096", "CSAFPID-241230:265096", "CSAFPID-241231:265096", "CSAFPID-241233:265096", "CSAFPID-241234:265096", "CSAFPID-241235:265096", "CSAFPID-241236:265096", "CSAFPID-241237:265096", "CSAFPID-241238:265096", "CSAFPID-241239:265096", "CSAFPID-241240:265096", "CSAFPID-241241:265096", "CSAFPID-241242:265096", "CSAFPID-241243:265096", "CSAFPID-241257:265096", "CSAFPID-241258:265096", "CSAFPID-241259:265096", "CSAFPID-241260:265096", "CSAFPID-241261:265096", "CSAFPID-241262:265096", "CSAFPID-241263:265096", "CSAFPID-241264:265096", "CSAFPID-241265:265096", "CSAFPID-241266:265096", "CSAFPID-241267:265096", "CSAFPID-241268:265096", "CSAFPID-241272:265096", "CSAFPID-241273:265096", "CSAFPID-241274:265096", "CSAFPID-241275:265096", "CSAFPID-241276:265096", "CSAFPID-241277", "CSAFPID-241278:265096", "CSAFPID-241279:265096", "CSAFPID-241280:265096", "CSAFPID-241281:265096", "CSAFPID-241282:265096", "CSAFPID-241283:265096", "CSAFPID-241309:265096", "CSAFPID-241310:265096", "CSAFPID-241349:265096", "CSAFPID-241350:265096", "CSAFPID-241351:265096", "CSAFPID-241352:265096", "CSAFPID-241353:265096", "CSAFPID-241354:265096", "CSAFPID-241355:265096", "CSAFPID-241356:265096", "CSAFPID-241357:265096", "CSAFPID-241358:265096", "CSAFPID-241359:265096", "CSAFPID-241360:265096", "CSAFPID-241361:265096", "CSAFPID-241362:265096", "CSAFPID-241363:265096", "CSAFPID-241364:265096", "CSAFPID-241365:265096", "CSAFPID-241366:265096", "CSAFPID-241367:265096", "CSAFPID-241368:265096", "CSAFPID-241369:265096", "CSAFPID-241370:265096", "CSAFPID-257359:265096", "CSAFPID-257360:265096", "CSAFPID-257361:265096", "CSAFPID-257362:265096", "CSAFPID-257363:265096", "CSAFPID-257364:265096", "CSAFPID-257365:265096", "CSAFPID-257366:265096", "CSAFPID-257367:265096", "CSAFPID-257368:265096", "CSAFPID-257369:265096", "CSAFPID-257370:265096", "CSAFPID-257371:265096", "CSAFPID-257372:265096", "CSAFPID-257373:265096", "CSAFPID-257374:265096", "CSAFPID-257375:265096", "CSAFPID-257376:265096", "CSAFPID-257377:265096", "CSAFPID-257378:265096", "CSAFPID-257379:265096", "CSAFPID-257580:265096", "CSAFPID-257581:265096", "CSAFPID-257757:265096", "CSAFPID-257758:265096", "CSAFPID-259822:265096", "CSAFPID-264644:265096", "CSAFPID-264646:265096", "CSAFPID-264647:265096", "CSAFPID-264648:265096", "CSAFPID-264649:265096", "CSAFPID-264650:265096", "CSAFPID-264651:265096", "CSAFPID-264652:265096", "CSAFPID-264653:265096", "CSAFPID-264654:265096", "CSAFPID-264655:265096", "CSAFPID-264656:265096", "CSAFPID-264657", "CSAFPID-264658", "CSAFPID-264659:265096", "CSAFPID-273934:265096", "CSAFPID-273935:265096", "CSAFPID-273936:265096", "CSAFPID-273937:265096", ], url: "https://software.cisco.com", }, { category: "workaround", details: "If strict mode is configured, this vulnerability cannot be exploited. Strict mode enforces the following further firmware security checks before allowing a connection:\r\n\r\nAllows only switches with a valid Cisco serial number and Secure Sockets Layer (SSL) certificate.\r\nRequires serial number-based authorization.\r\nRequires an administrator to manually authorize controllers and switches to join the fabric.\r\n\r\nAdministrators can determine if an interface is configured in strict mode by verifying that the system fabric-security-mode strict command is present in the running configuration.\r\n\r\n\r\n\r\napic# show running-config | grep strict system fabric-security-mode strict\r\n\r\nFor additional information on configuring strict mode, refer to Configuring Fabric Secure Mode [\"https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/cli/nx/cfg/b_APIC_NXOS_CLI_User_Guide/b_APIC_NXOS_CLI_User_Guide_chapter_01110.html#task_E123581BDA62418284F2206981AC322B\"].", product_ids: [ "CSAFPID-241206:265096", "CSAFPID-241208:265096", "CSAFPID-241210:265096", "CSAFPID-241212:265096", "CSAFPID-241214:265096", "CSAFPID-241216:265096", "CSAFPID-241218:265096", "CSAFPID-241220:265096", "CSAFPID-241222:265096", "CSAFPID-241223:265096", "CSAFPID-241224:265096", "CSAFPID-241225:265096", "CSAFPID-241226:265096", "CSAFPID-241227:265096", "CSAFPID-241228:265096", "CSAFPID-241229:265096", "CSAFPID-241230:265096", "CSAFPID-241231:265096", "CSAFPID-241233:265096", "CSAFPID-241234:265096", "CSAFPID-241235:265096", "CSAFPID-241236:265096", "CSAFPID-241237:265096", "CSAFPID-241238:265096", "CSAFPID-241239:265096", "CSAFPID-241240:265096", "CSAFPID-241241:265096", "CSAFPID-241242:265096", "CSAFPID-241243:265096", "CSAFPID-241257:265096", "CSAFPID-241258:265096", "CSAFPID-241259:265096", "CSAFPID-241260:265096", "CSAFPID-241261:265096", "CSAFPID-241262:265096", "CSAFPID-241263:265096", "CSAFPID-241264:265096", "CSAFPID-241265:265096", "CSAFPID-241266:265096", "CSAFPID-241267:265096", "CSAFPID-241268:265096", "CSAFPID-241272:265096", "CSAFPID-241273:265096", "CSAFPID-241274:265096", "CSAFPID-241275:265096", "CSAFPID-241276:265096", "CSAFPID-241277", "CSAFPID-241278:265096", "CSAFPID-241279:265096", "CSAFPID-241280:265096", "CSAFPID-241281:265096", "CSAFPID-241282:265096", "CSAFPID-241283:265096", "CSAFPID-241309:265096", "CSAFPID-241310:265096", "CSAFPID-241349:265096", "CSAFPID-241350:265096", "CSAFPID-241351:265096", "CSAFPID-241352:265096", "CSAFPID-241353:265096", "CSAFPID-241354:265096", "CSAFPID-241355:265096", "CSAFPID-241356:265096", "CSAFPID-241357:265096", "CSAFPID-241358:265096", "CSAFPID-241359:265096", "CSAFPID-241360:265096", "CSAFPID-241361:265096", "CSAFPID-241362:265096", "CSAFPID-241363:265096", "CSAFPID-241364:265096", "CSAFPID-241365:265096", "CSAFPID-241366:265096", "CSAFPID-241367:265096", "CSAFPID-241368:265096", "CSAFPID-241369:265096", "CSAFPID-241370:265096", "CSAFPID-257359:265096", "CSAFPID-257360:265096", "CSAFPID-257361:265096", "CSAFPID-257362:265096", "CSAFPID-257363:265096", "CSAFPID-257364:265096", "CSAFPID-257365:265096", "CSAFPID-257366:265096", "CSAFPID-257367:265096", "CSAFPID-257368:265096", "CSAFPID-257369:265096", "CSAFPID-257370:265096", "CSAFPID-257371:265096", "CSAFPID-257372:265096", "CSAFPID-257373:265096", "CSAFPID-257374:265096", "CSAFPID-257375:265096", "CSAFPID-257376:265096", "CSAFPID-257377:265096", "CSAFPID-257378:265096", "CSAFPID-257379:265096", "CSAFPID-257580:265096", "CSAFPID-257581:265096", "CSAFPID-257757:265096", "CSAFPID-257758:265096", "CSAFPID-259822:265096", "CSAFPID-264644:265096", "CSAFPID-264646:265096", "CSAFPID-264647:265096", "CSAFPID-264648:265096", "CSAFPID-264649:265096", "CSAFPID-264650:265096", "CSAFPID-264651:265096", "CSAFPID-264652:265096", "CSAFPID-264653:265096", "CSAFPID-264654:265096", "CSAFPID-264655:265096", "CSAFPID-264656:265096", "CSAFPID-264657", "CSAFPID-264658", "CSAFPID-264659:265096", "CSAFPID-273934:265096", "CSAFPID-273935:265096", "CSAFPID-273936:265096", "CSAFPID-273937:265096", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, products: [ "CSAFPID-241206:265096", "CSAFPID-241208:265096", "CSAFPID-241210:265096", "CSAFPID-241212:265096", "CSAFPID-241214:265096", "CSAFPID-241216:265096", "CSAFPID-241218:265096", "CSAFPID-241220:265096", "CSAFPID-241222:265096", "CSAFPID-241223:265096", "CSAFPID-241224:265096", "CSAFPID-241225:265096", "CSAFPID-241226:265096", "CSAFPID-241227:265096", "CSAFPID-241228:265096", "CSAFPID-241229:265096", "CSAFPID-241230:265096", "CSAFPID-241231:265096", "CSAFPID-241233:265096", "CSAFPID-241234:265096", "CSAFPID-241235:265096", "CSAFPID-241236:265096", "CSAFPID-241237:265096", "CSAFPID-241238:265096", "CSAFPID-241239:265096", "CSAFPID-241240:265096", "CSAFPID-241241:265096", "CSAFPID-241242:265096", "CSAFPID-241243:265096", "CSAFPID-241257:265096", "CSAFPID-241258:265096", "CSAFPID-241259:265096", "CSAFPID-241260:265096", "CSAFPID-241261:265096", "CSAFPID-241262:265096", "CSAFPID-241263:265096", "CSAFPID-241264:265096", "CSAFPID-241265:265096", "CSAFPID-241266:265096", "CSAFPID-241267:265096", "CSAFPID-241268:265096", "CSAFPID-241272:265096", "CSAFPID-241273:265096", "CSAFPID-241274:265096", "CSAFPID-241275:265096", "CSAFPID-241276:265096", "CSAFPID-241277", "CSAFPID-241278:265096", "CSAFPID-241279:265096", "CSAFPID-241280:265096", "CSAFPID-241281:265096", "CSAFPID-241282:265096", "CSAFPID-241283:265096", "CSAFPID-241309:265096", "CSAFPID-241310:265096", "CSAFPID-241349:265096", "CSAFPID-241350:265096", "CSAFPID-241351:265096", "CSAFPID-241352:265096", "CSAFPID-241353:265096", "CSAFPID-241354:265096", "CSAFPID-241355:265096", "CSAFPID-241356:265096", "CSAFPID-241357:265096", "CSAFPID-241358:265096", "CSAFPID-241359:265096", "CSAFPID-241360:265096", "CSAFPID-241361:265096", "CSAFPID-241362:265096", "CSAFPID-241363:265096", "CSAFPID-241364:265096", "CSAFPID-241365:265096", "CSAFPID-241366:265096", "CSAFPID-241367:265096", "CSAFPID-241368:265096", "CSAFPID-241369:265096", "CSAFPID-241370:265096", "CSAFPID-257359:265096", "CSAFPID-257360:265096", "CSAFPID-257361:265096", "CSAFPID-257362:265096", "CSAFPID-257363:265096", "CSAFPID-257364:265096", "CSAFPID-257365:265096", "CSAFPID-257366:265096", "CSAFPID-257367:265096", "CSAFPID-257368:265096", "CSAFPID-257369:265096", "CSAFPID-257370:265096", "CSAFPID-257371:265096", "CSAFPID-257372:265096", "CSAFPID-257373:265096", "CSAFPID-257374:265096", "CSAFPID-257375:265096", "CSAFPID-257376:265096", "CSAFPID-257377:265096", "CSAFPID-257378:265096", "CSAFPID-257379:265096", "CSAFPID-257580:265096", "CSAFPID-257581:265096", "CSAFPID-257757:265096", "CSAFPID-257758:265096", "CSAFPID-259822:265096", "CSAFPID-264644:265096", "CSAFPID-264646:265096", "CSAFPID-264647:265096", "CSAFPID-264648:265096", "CSAFPID-264649:265096", "CSAFPID-264650:265096", "CSAFPID-264651:265096", "CSAFPID-264652:265096", "CSAFPID-264653:265096", "CSAFPID-264654:265096", "CSAFPID-264655:265096", "CSAFPID-264656:265096", "CSAFPID-264657", "CSAFPID-264658", "CSAFPID-264659:265096", "CSAFPID-273934:265096", "CSAFPID-273935:265096", "CSAFPID-273936:265096", "CSAFPID-273937:265096", ], }, ], title: "Cisco Application Policy Infrastructure Controller Unauthorized Fabric Infrastructure VLAN Connection Vulnerability", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.