Cisco released a security updates with fixes for several product including Cisco Nexus 9000 Series Fabric Switches that affected by critical SSH key vulnerability that allow remote attackers gain access to the affected system.
A Critical Vulnerability (CVE-2019-1804) in SSH key pair for the software’s Secure Shell (SSH) key management function that allows attacks to discover the pairing and connect to a vulnerable Nexus 9000 Series device remotely.
This bug leaks to an attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials.
Additionally Cisco patched 22 high-severity flaws and 18 medium-severity flaws that affected various other Cisco
Another high severity vulnerability (CVE-2019-1803) that affected Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges.
“Multiple vulnerabilities in the Server Message Block (SMB) Protocol preprocessor detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent or remote attacker to cause a denial of service (DoS) condition.”
A Complete List of Vulnerabilities that Patched by Cisco
Cisco advised users to apply these patches immediately to keep the network safe and secure.