Cisco Releases Patch for Critical Fixed Password Vulnerability in Nexus Switches
Network equipment company Cisco has released a patch for the 3000 and 3500 series of its Nexus switches. These are vulnerable because the NX-OS software contains a user account with a fixed (hardcoded) password, which attackers can use to gain root access.
According to Cisco, the software creates the user account during installation, and users cannot delete it without compromising system operation. The company does not say why the account is there.
This account allows an attacker to connect to the devices via Telnet, or in rare cases via SSH, and gain administrative access. The vulnerability has been assigned the identifier CVE-2016-1329 and can be used, among other things, to intercept network traffic.
The vulnerable versions of the NX-OS software are 6.0(2)U6(1) through 6.0(2)U6(5) for the 3000 series switches. For the 3500 series, the affected versions are 6.0(2)A6(2) through 6.0(2)A6(5) and 6.0(2)A7(1). The devices in this series of Nexus switches are intended for use in data centers. Users who cannot update are advised to disable Telnet as a workaround. Cisco is not aware of the vulnerability having been exploited by malicious parties.
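To turn the affected-version list above into a check that can be run against a device inventory, here is an added Python example (not from Cisco or this article); the version string layout is inferred from the versions quoted above, and the inventory lines are constructed.

```python
import re
from typing import List, Tuple

# NX-OS versions on these platforms look like "6.0(2)U6(3)":
# major.minor(maintenance) platform-letter train(release).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)([A-Z])(\d+)\((\d+)\)$")

Version = Tuple[int, int, int, str, int, int]

# Inclusive ranges from the advisory summary: U = Nexus 3000, A = Nexus 3500.
AFFECTED_RANGES = [
    ((6, 0, 2, "U", 6, 1), (6, 0, 2, "U", 6, 5)),
    ((6, 0, 2, "A", 6, 2), (6, 0, 2, "A", 6, 5)),
    ((6, 0, 2, "A", 7, 1), (6, 0, 2, "A", 7, 1)),
]


def parse_nxos_version(text: str) -> Version:
    """Split an NX-OS version string into a tuple that compares numerically."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NX-OS version: {text!r}")
    major, minor, maint, platform, train, release = m.groups()
    return (int(major), int(minor), int(maint), platform, int(train), int(release))


def is_affected(text: str) -> bool:
    """True if the version lies inside one of the affected ranges."""
    v = parse_nxos_version(text)
    # Both ends of a range share the platform letter, so a version on another
    # platform can never fall between them; releases compare as integers.
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def affected_hosts(inventory: str) -> List[str]:
    """Scan 'hostname<TAB>version' lines and return the vulnerable hostnames."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, version = line.split("\t", 1)
        if is_affected(version):
            hits.append(host)
    return hits


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = "# host\tversion\n" \
    "dc1-leaf01\t6.0(2)U6(3)\n" \
    "dc1-leaf02\t6.0(2)U6(6)\n" \
    "dc2-spine01\t6.0(2)A6(1)\n" \
    "dc2-spine02\t6.0(2)A7(1)\n"

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))  # ['dc1-leaf01', 'dc2-spine02']
```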