PT-2019-2296 · Cisco · Cisco Nx-Os+1

Publicado

2019-05-15

Atualizado

2020-10-09

CVE-2019-1731

CVSS v2.0

5.6

Média

Vetor

AV:L/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to errors in SSH key management in the Cisco NX-OS network operating system. It could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must have valid administrator device credentials. The vulnerability is due to incomplete error handling during SSH key export and import. A successful exploit could allow the attacker to expose a user's private SSH key or unintentionally import a passphrase-protected private SSH key.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Handling of Exceptional Conditions

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-755CWE-20CWE-200

Identificadores relacionados

BDU:2019-02067

CVE-2019-1731

Produtos afetados

Cisco Nx-Os

Cisco Nexus

PT-2019-2296 · Cisco · Cisco Nx-Os+1

CVE-2019-1731

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6