Cybersecurity specialists report that the Cisco Nexus 9000 Series switch presents a critical vulnerability that, if exploited, would allow an attacker to remotely connect to a compromised device using Secure Shell (SSH) and control it with root user privileges. The company revealed the existence of this vulnerability in recent days, giving it a severity score of 9/10.
The vulnerability lies in the SSH key management process of the Nexus 9000 Series switch; the company mistakenly placed a pair of default SSH keys on these devices that any attacker with the necessary skills could steal to connect to the device via IPv6. The vulnerability was discovered by independent investigators who subsequently submitted the report to the Cisco security teams.
Cybersecurity and digital forensics specialists claim that the vulnerability could be exploited by opening an SSH connection via IPv6 to a compromised device using the stolen keys, so that the attacker could obtain root user privileges. Because so far no alternative solutions are known, Cisco strongly recommends users to install their systems’ updates.
The company also launched update patches for other flaws in the Nexus 9000 switch software; all the vulnerabilities corrected in this update affect systems running versions of the Cisco NX-OS software earlier than version 14.1.
Cisco also received a report of a mid-severity directory escalation vulnerability that, if exploited, could allow a local attacker with access to valid login credentials to overwrite sensitive system files.
Finally, a high severity vulnerability was corrected in the NX-OS software version 14.1 that could allow threat actors with administrator credentials to execute arbitrary NX-OS commands as a root user, report cybersecurity specialists from the International Institute of Cyber Security (IICS).
Experts also found that the Cisco software did not correctly validate TLS clients certificates sent between the components of a Nexus 9000 switch structure.