CVE-2019-19752

Name of the Vulnerable Software and Affected Versions nvOC versions 3.2 and earlier

Description The issue allows man-in-the-middle attacks due to SSH host keys being baked into the installation image. This also makes it trivial to identify all public IPv4 nodes using Shodan.io. The vendor has indicated plans to fix this issue in the next image build as of 2019-12-01.

Recommendations For nvOC versions 3.2 and earlier, consider regenerating SSH host keys to prevent man-in-the-middle attacks. As a temporary workaround, restrict access to the affected nodes to minimize the risk of exploitation.