Cisco Nexus Dashboard Fabric Controller
cpe:2.3:a:cisco:nexus_dashboard_fabric_controller:*:*:*:*:*:*:*
- <= 12.2.2
A vulnerability exists in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) releases 11.5 and earlier, due to inadequate validation of SSH host keys. This flaw enables an unauthenticated, remote attacker to conduct a man-in-the-middle attack on SSH connections to devices managed by Cisco NDFC. By intercepting this traffic, the attacker could impersonate a managed device and capture user credentials.
Exploitation of this vulnerability could lead to unauthorized impersonation of Cisco NDFC-managed devices, allowing interception of SSH traffic and capture of user credentials.
Cisco has released software updates that address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. For those without service contracts, contact the Cisco Technical Assistance Center (TAC) for assistance. Instructions for downloading the fixed software are available on the Cisco Support and Downloads page.
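The description attributes the flaw to inadequate validation of SSH host keys. As an added illustration (not Cisco's code and not taken from the advisory), this is a strict host-key check for a management client: a device's key is accepted only if it is already pinned for that host. The host names, addresses, keys and function names are constructed for the example.

```python
import base64
import hashlib
import struct


def make_blob(key_type: str, raw: bytes) -> str:
    """Build a constructed SSH public-key blob (wire format) as base64."""
    parts = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), raw))
    return base64.b64encode(parts).decode()


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def load_pins(known_hosts: str) -> dict:
    """Parse plain (unhashed) known_hosts lines into host -> {(type, blob)}."""
    pins = {}
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue  # comments, markers and hashed entries are out of scope here
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            pins.setdefault(host, set()).add((key_type, blob))
    return pins


def verify_host_key(pins: dict, host: str, key_type: str, key_b64: str) -> tuple:
    """Strict check: returns (decision, fingerprint of the presented key)."""
    presented = fingerprint(key_b64)
    known = pins.get(host)
    if not known:
        return ("reject-unknown-host", presented)  # no trust-on-first-use
    if (key_type, key_b64) in known:
        return ("accept", presented)
    return ("reject-key-mismatch", presented)  # alert; send no credentials


# Constructed sample data: not real device keys or addresses.
PINNED = make_blob("ssh-ed25519", bytes(range(32)))
OTHER = make_blob("ssh-ed25519", bytes(range(1, 33)))
KNOWN_HOSTS = f"# constructed inventory\nleaf-01.example,192.0.2.10 ssh-ed25519 {PINNED} leaf-01\n"
PINS = load_pins(KNOWN_HOSTS)
```

A client that treats either rejection as a warning and continues to authenticate will send credentials to whichever endpoint answered the connection.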