During security advisories released this week, Cisco announced the vulnerability (CVE-2019-1804) with a 9.8 out of 10 severity rating. The SSH protocol in Cisco Nexus 9000 series switches ultimately led to the vulnerability. Root privileges can be obtained by attackers and allow them to execute different programs that could corrupt entire data centers. “The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable,” said Cisco. Nexus 9000s running Cisco NX-OS earlier than 14.1 are affected but Cisco has now released free software updates to help remedy the issue.
Users are suggested to download the updates and monitor the switches closely. Unnecessary lateral communication on the devices should be kept to a minimum and Out-of-Band network management should be performed. Segmentation and segregation of networks and their functions should be done as well.