Cisco NX-OS 6.0(2)U6(1) up to and including 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) up to and including 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote malicious users to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
Vulnerable Product |
---|
cisco nx-os 6.0(2)u6(5) |
cisco nx-os 6.0(2)u6(4) |
cisco nx-os 6.0(2)u6(3) |
cisco nx-os 6.0(2)u6(2) |
cisco nx-os 6.0(2)u6(1) |
cisco nx-os 6.0(2)a7(1) |
cisco nx-os 6.0(2)a6(1) |
cisco nx-os 6.0(2)a6(5) |
cisco nx-os 6.0(2)a6(4) |
cisco nx-os 6.0(2)a6(3) |
cisco nx-os 6.0(2)a6(2) |
Patch plugs remote pwning telnet vector for Nexus kit
Cisco has slung patches at its Nexus 3000 and 3500 switches to shutter a default remotely-accessible administrative account. The critical bug (CVE-2016-1329) grants attackers root access, according to Cisco security wonks. Admins can shut off Telnet as a workaround in place of the patch. "[The vulnerability] could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access," Cisco says. "The vulnerability is due to a user account t...