Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability

🚨 SEVERITY: HIGH — CVSS 8.7 Security Advisory

TL;DR 📌

A high-severity vulnerability has been identified in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC), allowing unauthenticated remote attackers to impersonate managed devices due to insufficient SSH host key validation. Cisco has released software updates to address this issue, with no workarounds available.

What happened 🕵️‍♂️

A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability arises from insufficient SSH host key validation, enabling attackers to perform machine-in-the-middle attacks on SSH connections. A successful exploit could lead to traffic interception and user credential capture.

Affected products 🖥️

This vulnerability affects Cisco Nexus Dashboard Fabric Controller (NDFC) across all device configurations. Notably, Cisco NDFC releases 11.5 and earlier were previously known as Cisco Data Center Network Manager (DCNM). The following products are confirmed not vulnerable:

  • Nexus Dashboard Insights
  • Nexus Dashboard Orchestrator (NDO)

Fixed software 🔧

Upgrade to at least the first fixed release in your train (or later):

Product / Release Train First Fixed Release Notes
ISE / ISE-PIC 3.1 Migrate to a fixed release.
ISE / ISE-PIC 3.2 3.2(2f)
ISE / ISE-PIC 1.0 Initial public release.

Workarounds 🧯

There are no workarounds available to mitigate this vulnerability.

Risk in context 🎯

With a CVSS score of 8.7, this vulnerability is classified as high severity. The potential for an attacker to impersonate managed devices and capture sensitive user credentials poses a significant risk to network security.

Fast facts ⚡

  • Vulnerability: SSH Host Key Validation
  • CVSS Score: 8.7 (High)
  • Exploitation: Machine-in-the-middle attacks possible
  • No workarounds available
  • Fixed releases: 3.2(2f) and migration for 3.1

For leadership 🧭

This advisory highlights a critical vulnerability affecting Cisco Nexus Dashboard Fabric Controller, which could have severe implications for network security. Immediate action is recommended to apply the necessary software updates to mitigate risks associated with this vulnerability. Regularly consulting Cisco’s security advisories is essential for maintaining a secure network environment.