A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local malicious user to log in to the system shell with root user privileges. The vulnerability is due to a missing password for the root user account on the affected system. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by physically connecting to the affected system. An exploit could allow the malicious user to access the system with root user privileges. Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco nx-os 7.0\\(4\\)n1\\(1\\) |
||
cisco nx-os 7.0\\(1\\)n1\\(3\\) |
||
cisco nx-os 7.0\\(1\\)n1\\(1\\) |