Cisco Nexus 3000/3500 switch default credential Vulnerability (CVE-2016-1329)
Cisco Nexus 3000/3500 switch default credential Vulnerability (CVE-2016-1329)
Release date:
Updated on:
Affected Systems:
Cisco Nexus 3000 Series Switches
Cisco Nexus 3500 Platform Switches
Description:
CVE (CAN) ID: CVE-2016-1329
Nexus is a Cisco network switch product designed for data centers.
On Cisco Nexus 3000 series switches and Cisco Nexus 3500 platform switches, security vulnerabilities in the Cisco NX-OS allow unauthenticated remote attackers to log on to the device as a root user, and has the bash shell access permission. This vulnerability is caused by a user account created during installation that cannot be deleted or changed. The password is also static by default.
<* Source: Cisco
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k
*>
Suggestion:
Vendor patch:
Cisco
-----
Cisco has released a Security Bulletin (cisco-sa-20160302-n3k) and patches for this:
Cisco-sa-20160302-n3k: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability
Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k
This article permanently updates the link address: