Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot Vulnerability
CVE-2019-1589

4.2MEDIUM

Key Information:

Vendor

Cisco
Status
Cisco Nx-os Software For Nexus 9000 Series Fabric Switches Aci Mode
Vendor
CVE Published:
3 May 2019

Badges

👾 Exploit Exists

What is CVE-2019-1589?

A vulnerability in the Trusted Platform Module (TPM) functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The vulnerability is due to a lack of proper data-protection mechanisms for disk encryption keys that are used within the partitions on an affected device hard drive. An attacker could exploit this vulnerability by obtaining physical access to the affected device to view certain cleartext keys. A successful exploit could allow the attacker to execute a custom boot process or conduct further attacks on an affected device.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode 8.3(0)SK(0.39)

References

https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/108175
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.