Vulnerability Description
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nx-Os | < 7.0\(3\)i4\(9\) |
| Cisco | Nexus 3016 | - |
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064 | - |
| Cisco | Nexus 3064-T | - |
| Cisco | Nexus 31108Pc-V | - |
| Cisco | Nexus 31108Tc-V | - |
| Cisco | Nexus 31128Pq | - |
| Cisco | Nexus 3132C-Z | - |
| Cisco | Nexus 3132Q | - |
| Cisco | Nexus 3132Q-V | - |
| Cisco | Nexus 3132Q-Xl | - |
| Cisco | Nexus 3164Q | - |
| Cisco | Nexus 3172 | - |
| Cisco | Nexus 3172Pq-Xl | - |
| Cisco | Nexus 3172Tq | - |
| Cisco | Nexus 3172Tq-32T | - |
| Cisco | Nexus 3172Tq-Xl | - |
| Cisco | Nexus 3232C | - |
| Cisco | Nexus 3264C-E | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/108353Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
- http://www.securityfocus.com/bid/108353Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
FAQ
What is CVE-2019-1731?
CVE-2019-1731 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the ta...
How severe is CVE-2019-1731?
CVE-2019-1731 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1731?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3016, Cisco Nexus 3048, Cisco Nexus 3064, Cisco Nexus 3064-T.