PT-2019-2296 · Cisco · Cisco Nx-Os+1

Published

2019-05-15

Updated

2020-10-09

CVE-2019-1731

CVSS v2.0

5.6

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco NX-OS Software (affected versions not specified)

Description The issue is related to errors in SSH key management in the Cisco NX-OS network operating system. It could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must have valid administrator device credentials. The vulnerability is due to incomplete error handling during SSH key export and import. A successful exploit could allow the attacker to expose a user's private SSH key or unintentionally import a passphrase-protected private SSH key.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Handling of Exceptional Conditions

RCE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755CWE-20CWE-200

Related Identifiers

BDU:2019-02067

CVE-2019-1731

Affected Products

Cisco Nx-Os

Cisco Nexus

PT-2019-2296 · Cisco · Cisco Nx-Os+1

CVE-2019-1731

Weakness Enumeration

Related Identifiers

Affected Products

References · 6