News

Cisco Fixes Critical Vulnerability in Nexus 9000 Switch Software

By admin
Spread the love

Cisco has released an update that closes a critical vulnerability in the Nexus 9000 Series switches. With this vulnerability, it was possible as a remote intruder to gain access to the switch and have the same rights as the root user.

According to Cisco, a vulnerability in the secure shell key made it possible for intruders to connect to a system from a distance. This intruder would then have the same rights as the root user. The vulnerability concerns the presence of a default ssh key pair in all devices. An attacker could use these keys to open an ssh connection to a Nexus 9000 device via ipv6. An attack over ipv4 would not work according to Cisco.

Cisco calls the vulnerability “critical” and has given it a score based on the Common Vulnerability Scoring System of 9.8 on a scale to 10. Users of the network equipment are recommended to download and install the free software update 14.1 (1i). According to Cisco, there are no alternatives to fix this vulnerability without an update. Only switches that operate in Application Centric Infrastructure mode are vulnerable to a possible attack, according to Cisco.

The American company says that the leak has not been made public before and that it has not been misused. Finder of the vulnerability is Oliver Matula of the German ERNW. The British The Register states that malicious parties could have used this vulnerability to spy on users.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin