CVE-2019-1731

CVE Database · CVE-2019-1731

CVE-2019-1731

· MEDIUMModified

CVSS v3.1

4.4

EPSS

0.35%

Published

May 15, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-755

Affected Products (81)

cisco · nx-os (up to 7.0\(3\)i4\(9\))vulnerable

cisco · nx-os (up to 7.0\(3\)i7\(4\))vulnerable

cisco · nexus_3016

cisco · nexus_3048

cisco · nexus_3064

cisco · nexus_3064-t

cisco · nexus_31108pc-v