Cisco · Cisco Nexus 9000 Series · CVE-2019-1590
**Name of the Vulnerable Software and Affected Versions**
Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software (affected versions not specified)
**Description**
The issue is related to errors in Transport Layer Security (TLS) certificate validation, which could allow a remote attacker to gain full control over all components in the ACI structure of a vulnerable device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker with a trusted certificate and corresponding private key could exploit this by presenting a valid certificate while attempting to connect to the targeted device.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.