Network Security, Patch/Configuration Management, Vulnerability Management

Cisco tackles critical vulnerability in switch software, 41 other bugs


Cisco Systems issued a series of security updates on Wednesday, addressing 42 vulnerabilities, including one critical bug found in the Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software.

Designated CVE-2019-1804, the critical flaw could potentially allow an authenticated remote attacker to gain root user privileges on an affected system. Cisco Nexus 9000 Series Fabric Switches using versions of the software prior to 14.1 are vulnerable when running in Application Centric Infrastructure (ACI) mode.

"The vulnerability is due to the presence of a default SSH key pair that is present in all devices," a security advisory explains. "An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the rootuser. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable."

Of the remaining vulnerabilities posted on May 1, 23 of them are considered high severity in nature, while the rest are medium-level threats.

Affected products include the Cisco Web Security Appliance, Umbrella Dashboard, Adaptive Security Appliance Software, Firepower Threat Defense, Small Business Switches, Small Business RV320 and RV325 Routers, IP Phone 7800 Series and 800 Series, Application Policy Infrastructure Controller, Prime Network Registrar, Price Collaboration Assurance, HyperFlex HX-Series, Expressway Series and Email Security Appliance.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.