CVE-2019-1590

Name of the Vulnerable Software and Affected Versions Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software (affected versions not specified)

Description The issue is related to errors in Transport Layer Security (TLS) certificate validation, which could allow a remote attacker to gain full control over all components in the ACI structure of a vulnerable device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker with a trusted certificate and corresponding private key could exploit this by presenting a valid certificate while attempting to connect to the targeted device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.