During security advisories released this week, Cisco announced the vulnerability (CVE-2019-1804) with a 9.8 out of 10 severity rating. The SSH protocol in Cisco Nexus 9000 series switches ultimately led to the vulnerability. Root privileges can be obtained by attackers and allow them to execute different programs that could corrupt entire data centers. “The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable,” said Cisco. Nexus 9000s running Cisco NX-OS earlier than 14.1 are affected but Cisco has now released free software updates to help remedy the issue.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is