Cybersecurity specialists report that the Cisco Nexus 9000 Series switch presents a critical vulnerability that, if exploited, would allow an attacker to remotely connect to a compromised device using Secure Shell (SSH) and control it with root user privileges. The company revealed the existence of this vulnerability in recent days, giving it a severity score of 9/10.
The vulnerability lies in the SSH key
management process of the Nexus 9000 Series switch; the company mistakenly
placed a pair of default SSH keys on these devices that any attacker with the
necessary skills could steal to connect to the device via IPv6. The
vulnerability was discovered by independent investigators who subsequently
submitted the report to the Cisco security teams.
Cybersecurity and digital forensics specialists
claim that the vulnerability could be exploited by opening an SSH connection
via IPv6 to a compromised device using the stolen keys, so that the attacker
could obtain root user privileges. Because so far no alternative solutions are
known, Cisco strongly recommends users to install their systems’ updates.
The company also launched update patches for
other flaws in the Nexus 9000 switch software; all the vulnerabilities corrected
in this update affect systems running versions of the Cisco NX-OS software
earlier than version 14.1.
Cisco also received a report of a mid-severity
directory escalation vulnerability that, if exploited, could allow a local
attacker with access to valid login credentials to overwrite sensitive system
files.
Finally, a high severity vulnerability was
corrected in the NX-OS
software version 14.1 that could allow threat actors with administrator
credentials to execute arbitrary NX-OS commands as a root user, report
cybersecurity specialists from the International Institute of Cyber Security
(IICS).
Experts also found that the Cisco software did
not correctly validate TLS clients certificates sent between the components of
a Nexus 9000 switch structure.
