Patch/Configuration Management, Vulnerability Management

Cisco patches critical vulnerability in Nexus devices

Cisco Wednesday warned users of a critical vulnerability in Nexus 3000 and 3500 series switches, which, if exploited, could allow an unauthenticated remote attacker to log in to the device with root user privileges.

The vulnerability lies with a user account that has a default and static password that which is created at installation and can't be changed or deleted without impacting the functionality of the system, according to the security advisory.

“The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console,” the advisory said.

The vulnerability was spotted during the resolution of a customer case and a free software update is available to patch the bug.

Cisco said its Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.