← volver
CVE-2019-1731

Cisco NX-OS Software SSH Key Information Disclosure Vulnerability

CVSS 5.1 MEDIUMEPSS 0.4%CWE-200
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.1EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
15 may 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N