Cisco Issues a “Critical” Security Advisory For Their Nexus 9K Series ACI Mode Switches With a CVSS score of 9.8

May 2, 2019 | Cisco Solutions, Network Solutions

40’ish security advisories in total

Please be aware that at least 40 security advisories have been issued for Nexus 9000 Series ACI Mode data center switches. One is “critical” with a CVSS score of 9.8 (out of 10) and can let an attacker secretly access system resources with the privileges of the root user. Per Cisco: “The vulnerability is due to the presence of a default SSH key pair that is present in all devices. An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. This vulnerability is only exploitable over IPv6; IPv4 is not vulnerable.” There is no workaround; however, Cisco has released free software updates that address the vulnerability.

2 Important Take-Aways:

  • A free software update is available regardless of contract status. This is actually true for all of Cisco’s products. All OEMs are held to a higher standard regarding security. They are required to fix known security vulnerabilities for the protection of all businesses and commerce that have a web presence. If you are renewing SMARTnet just for the sake of IOS updates and the hardware is not within its first 18 months since release, let’s talk about alternatives.
  • I hate seeing Cisco test their products at the expense of their customers’ production environments. It’s always something. Without new features there would be no reason for customers to purchase new hardware, but how often are the new features really solving a problem that exists? Furthermore, how often do the new solutions actually work or deliver the propositioned value? I know it’s fun to have the latest and greatest, but I also know after 20 years of networking, and even in my own personal consumer purchases, that the euphoria of new is often short-lived. Have you ever wanted to use a product longer, or purchase a product that is no longer available? Of course you have. Older generation hardware exists in every network on this planet. Or, it will at some point. Why run from it? Embrace it!
