News

Cisco Releases Patch for Critical Fixed Password Vulnerability in Nexus Switches

By admin
Spread the love

Network equipment company Cisco has released a patch for the 3000 and 3500 series of its Nexus switches. These are vulnerable because the NX-OS software contains a user account with a fixed password, which attackers can use to gain root access.

Cisco informs that the software creates the user account during installation and users cannot delete it without compromising system operation. The company does not state why the account is there.

This account makes it possible for an attacker to connect to the devices via telnet or in rare cases via ssh and gain administrative access. The vulnerability has been assigned the number cve-2016-1329 and can be used, among other things, to intercept network traffic.

The vulnerable versions of the NX-OS software are 6.0(2)U6(1) through version 6.0(2)U6(5) for the 3000 series switches. For the 3500 series, it concerns versions 6.0(2)A6(2) to 6.0(2)A6(5) and version 6.0(2)A7(1). The devices in this series of Nexus switches are made for use in data centers. Users who cannot update are recommended to disable telnet as a workaround. Cisco is not aware that malicious people have exploited the vulnerability.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Telegram has over 800 million active users and is not yet profitable