var-201905-1314
Vulnerability from variot
A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. Cisco Nexus 9000 Series Fabric Switches are prone to an remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvo80686. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1314", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "nexus 9396tx", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9508", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9372px", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9396px", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9500", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 93180yc-ex", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9516", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9332pq", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9372tx", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 93128tx", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 9504", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 93120tx", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 93108tc-ex", scope: "eq", trust: 1, vendor: "cisco", version: "14.0\\(3d\\)", }, { model: "nexus 93108tc ex", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 93120tx", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 93128tx", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 93180yc ex", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9332pq", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9396tx", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9500", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9504", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9508", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus 9516", scope: null, trust: 0.8, vendor: "cisco", version: null, }, { model: "nexus series switches 14.1", scope: "ne", trust: 0.6, vendor: "cisco", version: "9000", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "8.0(1)", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "7.0", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "6.1", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "6.0", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "5.2", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "4.1", }, { model: "nx-os software", scope: "eq", trust: 0.3, vendor: "cisco", version: "2.1", }, { model: "nexus series switches 14.0", scope: "eq", trust: 0.3, vendor: "cisco", version: "9000", }, { model: "nx-os software 14.1", scope: "ne", trust: 0.3, vendor: "cisco", version: null, }, ], sources: [ { db: "BID", id: "108127", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9332pq_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9332pq:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_93180yc-ex_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_93180yc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_93128tx_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_93128tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_93120tx_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_93120tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_93108tc-ex_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_93108tc-ex:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9516_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9516:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9508_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9508:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9504_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9504:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9500_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9500:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9396tx_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9396px_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9396px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9372tx_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372tx:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:cisco:nexus_9372px_firmware:14.0\\(3d\\):*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:h:cisco:nexus_9372px:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2019-1804", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH.,Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH,Oliver Matula from ERNW Enno Rey Netzwerke GmbH in cooperation with ERNW Research GmbH", sources: [ { db: "CNNVD", id: "CNNVD-201905-005", }, ], trust: 0.6, }, cve: "CVE-2019-1804", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, impactScore: 10, integrityImpact: "COMPLETE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "HIGH", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Low", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Complete", baseScore: 10, confidentialityImpact: "Complete", exploitabilityScore: null, id: "CVE-2019-1804", impactScore: null, integrityImpact: "Complete", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "High", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-150346", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "NVD", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "LOW", attackVector: "NETWORK", author: "ykramarz@cisco.com", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", exploitabilityScore: 3.9, impactScore: 5.9, integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 9.8, baseSeverity: "Critical", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-1804", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "None", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2019-1804", trust: 1.8, value: "CRITICAL", }, { author: "ykramarz@cisco.com", id: "CVE-2019-1804", trust: 1, value: "CRITICAL", }, { author: "CNNVD", id: "CNNVD-201905-005", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-150346", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2019-1804", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-150346", }, { db: "VULMON", id: "CVE-2019-1804", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, { db: "NVD", id: "CVE-2019-1804", }, { db: "CNNVD", id: "CNNVD-201905-005", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user. The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable. Cisco Nexus 9000 Series Fabric Switches are prone to an remote security-bypass vulnerability. \nAn attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvo80686. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text", sources: [ { db: "NVD", id: "CVE-2019-1804", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "BID", id: "108127", }, { db: "VULHUB", id: "VHN-150346", }, { db: "VULMON", id: "CVE-2019-1804", }, ], trust: 2.07, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-1804", trust: 2.9, }, { db: "BID", id: "108127", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2019-003884", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201905-005", trust: 0.7, }, { db: "AUSCERT", id: "ESB-2019.1507.2", trust: 0.6, }, { db: "NSFOCUS", id: "43203", trust: 0.6, }, { db: "VULHUB", id: "VHN-150346", trust: 0.1, }, { db: "VULMON", id: "CVE-2019-1804", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-150346", }, { db: "VULMON", id: "CVE-2019-1804", }, { db: "BID", id: "108127", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, { db: "CNNVD", id: "CNNVD-201905-005", }, ], }, id: "VAR-201905-1314", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-150346", }, ], trust: 0.717880435, }, last_update_date: "2023-12-18T13:13:27.302000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "cisco-sa-20190501-nexus9k-sshkey", trust: 0.8, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-nexus9k-sshkey", }, { title: "Cisco Nexus 9000 Series Fabric Switches Fixes for encryption problem vulnerabilities", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92156", }, { title: "The Register", trust: 0.2, url: "https://www.theregister.co.uk/2019/05/02/cisco_vulnerabilities/", }, { title: "Cisco: Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190501-nexus9k-sshkey", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/cisco_high-severity_bug/144410/", }, { title: "Threatpost", trust: 0.1, url: "https://threatpost.com/cisco-critical-nexus-9000-flaw/144290/", }, ], sources: [ { db: "VULMON", id: "CVE-2019-1804", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "CNNVD", id: "CNNVD-201905-005", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-1188", trust: 1, }, { problemtype: "CWE-310", trust: 0.9, }, ], sources: [ { db: "VULHUB", id: "VHN-150346", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.2, url: "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190501-nexus9k-sshkey", }, { trust: 1.4, url: "https://nvd.nist.gov/vuln/detail/cve-2019-1804", }, { trust: 0.9, url: "http://www.cisco.com/", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1804", }, { trust: 0.7, url: "https://www.securityfocus.com/bid/108127", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/80066", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/cisco-nexus-9000-aci-code-execution-via-default-ssh-key-29180", }, { trust: 0.6, url: "http://www.nsfocus.net/vulndb/43203", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/1188.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/", }, ], sources: [ { db: "VULHUB", id: "VHN-150346", }, { db: "VULMON", id: "CVE-2019-1804", }, { db: "BID", id: "108127", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, { db: "CNNVD", id: "CNNVD-201905-005", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-150346", }, { db: "VULMON", id: "CVE-2019-1804", }, { db: "BID", id: "108127", }, { db: "JVNDB", id: "JVNDB-2019-003884", }, { db: "NVD", id: "CVE-2019-1804", }, { db: "CNNVD", id: "CNNVD-201905-005", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2019-05-03T00:00:00", db: "VULHUB", id: "VHN-150346", }, { date: "2019-05-03T00:00:00", db: "VULMON", id: "CVE-2019-1804", }, { date: "2019-05-01T00:00:00", db: "BID", id: "108127", }, { date: "2019-05-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-003884", }, { date: "2019-05-03T17:29:00.813000", db: "NVD", id: "CVE-2019-1804", }, { date: "2019-05-01T00:00:00", db: "CNNVD", id: "CNNVD-201905-005", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-11-03T00:00:00", db: "VULHUB", id: "VHN-150346", }, { date: "2021-11-03T00:00:00", db: "VULMON", id: "CVE-2019-1804", }, { date: "2019-05-01T00:00:00", db: "BID", id: "108127", }, { date: "2019-05-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-003884", }, { date: "2021-11-03T19:57:21.273000", db: "NVD", id: "CVE-2019-1804", }, { date: "2021-11-04T00:00:00", db: "CNNVD", id: "CNNVD-201905-005", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201905-005", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Cisco Nexus 9000 Series Application Centric Infrastructure Mode Switch Cryptographic vulnerabilities in software", sources: [ { db: "JVNDB", id: "JVNDB-2019-003884", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "encryption problem", sources: [ { db: "CNNVD", id: "CNNVD-201905-005", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.