Vulnerability Description
A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 8.3\(0\)sk\(0.39\) |
| Cisco | Nexus 9000 | - |
| Cisco | Nexus 92160Yc-X | - |
| Cisco | Nexus 92300Yc | - |
| Cisco | Nexus 92304Qc | - |
| Cisco | Nexus 9236C | - |
| Cisco | Nexus 9272Q | - |
| Cisco | Nexus 93108Tc-Ex | - |
| Cisco | Nexus 93108Tc-Fx | - |
| Cisco | Nexus 93120Tx | - |
| Cisco | Nexus 93128Tx | - |
| Cisco | Nexus 93180Lc-Ex | - |
| Cisco | Nexus 93180Yc-Ex | - |
| Cisco | Nexus 93180Yc-Fx | - |
| Cisco | Nexus 93240Yc-Fx2 | - |
| Cisco | Nexus 9332C | - |
| Cisco | Nexus 9332Pq | - |
| Cisco | Nexus 9336C-Fx2 | - |
| Cisco | Nexus 9336Pq | - |
| Cisco | Nexus 9348Gc-Fxp | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108175Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108175Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1589?
CVE-2019-1589 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticat...
How severe is CVE-2019-1589?
CVE-2019-1589 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1589?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc, Cisco Nexus 92304Qc.