CVE-2019-1590

CVE Database · CVE-2019-1590

CVE-2019-1590

· N/AModified

CVSS v3.1

N/A

EPSS

0.98%

Published

May 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device.

Weaknesses (CWE)

CWE-295CWE-295

Affected Products (29)

cisco · nx-osvulnerable

cisco · nexus_9000

cisco · nexus_92160yc-x

cisco · nexus_92300yc

cisco · nexus_92304qc

cisco · nexus_9236c

cisco · nexus_9272q

cisco · nexus_93108tc-ex

cisco · nexus_93108tc-fx

cisco · nexus_93120tx

cisco · nexus_93128tx

cisco · nexus_93180lc-ex

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-insecure-fabric

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-aci-insecure-fabric

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs