PT-2019-2648 · Cisco · Cisco Application Policy Infrastructure Controller, Cisco Nexus 9000 Series ACI Mode Switch

Published: 2019-07-03 · Updated: 2020-10-16 · CVE-2019-1890

CVSS v3.1: 7.4 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Cisco Nexus 9000 Series ACI Mode Switch (affected versions not specified)
Description: The vulnerability stems from insufficient security checks during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN, which allows an unauthenticated, adjacent attacker to bypass security validations. By sending a malicious LLDP packet, the attacker could connect an unauthorized server to the infrastructure VLAN, which carries high privileges. This could enable the attacker to make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or to join other host endpoints.
Recommendations: For the Cisco Nexus 9000 Series ACI Mode Switch, consider restricting access to the infrastructure VLAN to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using LLDP on the subnet adjacent to the Cisco Nexus 9000 Series Switch in ACI mode until the issue is resolved. Restrict access to Cisco Application Policy Infrastructure Controller (APIC) services to prevent unauthorized connections.

Fix

Weakness Enumeration: Improper Access Control

Related Identifiers

BDU:2019-02534
CVE-2019-1890

Affected Products

Cisco Application Policy Infrastructure Controller
Cisco Nexus 9000 Series ACI Mode Switch