CVE-2019-1731 MEDIUM

CVE-2019-1731: Cisco NX-OS Software SSH Key Information Disclosure Vulnerability

Vendor Cisco

Product Cisco NX-OS Software

Weakness CWE-200 · Info exposure

Published May 15, 2019

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to incomplete error handling if a specific error type occurs during the SSH key export. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the CLI. A successful exploit could allow the attacker to expose a user's private SSH key. In addition, a similar type of error in the SSH key import could cause the passphrase-protected private SSH key to be imported unintentionally.

Key dates

02Disclosure timeline

May 15, 2019 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1731

Related vulnerabilities

Identifiers

CVE CVE-2019-1731

CWE CWE-200

CVSS 5.1 / MEDIUM

Affected versions