Insecure Default Credentials in Cisco Nexus 3000 and 3500 Series Devices
CVE-2016-1329

9.8CRITICAL

Key Information:

Vendor

Samsung
Status
X14j Firmware
Opensolaris
Gs1900-10HP Firmware
Keymouse Firmware
Vendor
CVE Published:
3 March 2016

What is CVE-2016-1329?

Cisco Nexus 3000 and 3500 Series Devices contain hardcoded credentials in specified NX-OS versions that can be exploited by remote attackers to gain root privileges. Utilizing TELNET or SSH sessions, unauthorized users can compromise device security, potentially leading to unauthorized access and control over network equipment. The affected devices must be updated to ensure security against such vulnerabilities.

References

https://isc.sans.edu/forums/diary/20795
x_refsource_MISC
http://www.securitytracker.com/id/1035161
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-1329 : Insecure Default Credentials in Cisco Nexus 3000 and 3500 Series Devices