Lucene search

[email protected]CVE-2019-1890

HistoryJul 04, 2019 - 8:15 p.m.

CVE-2019-1890

2019-07-0420:15:11

CWE-284

[email protected]

web.nvd.nist.gov

cve-2019-1890

cisco

nexus 9000

aci mode switch

vlan

infrastructure

security vulnerability

unauthorized access

lldp

networking

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the infrastructure VLAN. The vulnerability is due to insufficient security requirements during the Link Layer Discovery Protocol (LLDP) setup phase of the infrastructure VLAN. An attacker could exploit this vulnerability by sending a malicious LLDP packet on the adjacent subnet to the Cisco Nexus 9000 Series Switch in ACI mode. A successful exploit could allow the attacker to connect an unauthorized server to the infrastructure VLAN, which is highly privileged. With a connection to the infrastructure VLAN, the attacker can make unauthorized connections to Cisco Application Policy Infrastructure Controller (APIC) services or join other host endpoints.

Affected configurations

NVD

Node

ciscoapplication_policy_infrastructure_controllerMatch7.3\(0\)zn\(0.113\)

AND

cisco9432pqMatch-

cisco9536pqMatch-

cisco9636pqMatch-

cisco9736pqMatch-

ciscon9k-x9432c-sMatch-

ciscon9k-x9464pxMatch-

ciscon9k-x9464tx2Match-

ciscon9k-x9564pxMatch-

ciscon9k-x9564txMatch-

ciscon9k-x9636c-rMatch-

ciscon9k-x9636c-rxMatch-

ciscon9k-x97160yc-exMatch-

ciscon9k-x9732c-exMatch-

ciscon9k-x9732c-fxMatch-

ciscon9k-x9736c-exMatch-

ciscon9k-x9736c-fxMatch-

ciscon9k-x9788tc-fxMatch-

cisconexus_92160yc-xMatch-

cisconexus_93108tc-exMatch-

cisconexus_93108tc-fxMatch-

cisconexus_93120txMatch-

cisconexus_9316d-gxMatch-

cisconexus_93180yc-exMatch-

cisconexus_93180yc-fxMatch-

cisconexus_93216tc-fx2Match-

cisconexus_93240yc-fx2Match-

cisconexus_9332cMatch-

cisconexus_93360yc-fx2Match-

cisconexus_9336c-fx2Match-

cisconexus_9348gc-fxpMatch-

cisconexus_93600cd-gxMatch-

cisconexus_9364cMatch-

ciscox9636q-rMatch-

CPENameOperatorVersion
cisco:application_policy_infrastructure_controllercisco application policy infrastructure controllereq7.3\(0\)zn\(0.113\)

CPE	Name	Operator	Version
cisco:application_policy_infrastructure_controller	cisco application policy infrastructure controller	eq	7.3\(0\)zn\(0.113\)

CNA Affected

[
  {
    "product": "Cisco NX-OS System Software in ACI Mode 11.0.1b",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "14.1(2g)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/109052

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

Related for CVE-2019-1890

prion1 nessus1 cvelist1 nvd1 cisco1