Cisco Issues 41 Security Advisories in a Single Day
Cisco has issued 41 security advisories in one day, which is reportedly the highest one-day disclosure in at least 12 months.
On Wednesday, May 1, 2019, the San Jose-based company came out with 41 security alerts, which included a highly critical Nexus 9000 data-center flaw. Other than this critical alert, there were 22 advisories considered to pose high impact and 18 bugs that pose medium impact.
A report dated May 2, 2019 on SDxCentral states, “Cisco earlier this week disclosed the highest number of security advisories it has issued in a single day for at least a year. The company issued 41 security alerts on Wednesday, including one deemed to pose a critical impact in the secure shell (SSH) key management for Cisco’s Nexus 9000 series Application Centric Infrastructure (ACI) mode switch software.”
Over the last 12 months, Cisco disclosed 488 security advisories relating to its various products and services. Cisco disclosed 42 advisories in April 2019; the highest monthly total came in March 2019 (67), followed by September 2018 (63).
The critical flaw disclosed on May 1 was detected in the SSH key pair present in Cisco Nexus 9000 series devices. The bug, CVE-2019-1804, has a CVSS severity rating of 9.8 out of 10 and impacts Cisco’s SDN (Software-Defined Networking) software, allowing unauthenticated take-over of a vulnerable data-center switch using the privileges of the root user.
The Cisco Security Advisory that explains this flaw states, “A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.”
The advisory further explains, “The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user.”
It’s also clarified that this vulnerability can be exploited only over IPv6 and not over IPv4.
Cisco has released software updates to address this vulnerability. The company, in its advisory, has stated that there are no workarounds to address this flaw. It’s also clarified that the Cisco PSIRT (Product Security Incident Response Team) is not aware of any public announcements or malicious use of the vulnerability.
Of the 40 other bugs disclosed, the 22 high-impact ones affect Cisco’s IP Phone 7800 and 8800 series, the company’s RV320 and RV325 small business routers, Cisco’s Firepower Threat Defense software, and its security appliance software.
Julia Sowells