Vulnerability Description
A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | 8.3\(0\)sk\(0.39\) |
| Cisco | Nexus 9000 | - |
| Cisco | Nexus 92160Yc-X | - |
| Cisco | Nexus 92300Yc | - |
| Cisco | Nexus 92304Qc | - |
| Cisco | Nexus 9236C | - |
| Cisco | Nexus 9272Q | - |
| Cisco | Nexus 93108Tc-Ex | - |
| Cisco | Nexus 93108Tc-Fx | - |
| Cisco | Nexus 93120Tx | - |
| Cisco | Nexus 93128Tx | - |
| Cisco | Nexus 93180Lc-Ex | - |
| Cisco | Nexus 93180Yc-Ex | - |
| Cisco | Nexus 93180Yc-Fx | - |
| Cisco | Nexus 93240Yc-Fx2 | - |
| Cisco | Nexus 9332C | - |
| Cisco | Nexus 9332Pq | - |
| Cisco | Nexus 9336C-Fx2 | - |
| Cisco | Nexus 9336Pq | - |
| Cisco | Nexus 9348Gc-Fxp | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1590?
CVE-2019-1590 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unaut...
How severe is CVE-2019-1590?
CVE-2019-1590 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1590?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 9000, Cisco Nexus 92160Yc-X, Cisco Nexus 92300Yc, Cisco Nexus 92304Qc.