Reference: CERT-EU Security Advisory 2016-119 Short Summary -------------- A vulnerability in Cisco NX-OS Software allows a perpetrator to connect to the device with administrative privileges. The NX-OS has a built-in user account with default password and root access. This account can not be changed and/or deleted without altering the system's functionality. In certain circumstances an attacker can use this account to connect via Telnet or SSH or even locally to the device. CVE reference: CVE-2016-1329 Affected platforms: CISCO Nexus 3000, Nexus 3500 Date found: 2016-03-02 Security risk: High Vendor Status: Notified / Patch available Systems affected ----------------- Cisco Nexus 3000 Series Switches, Cisco Nexus 3500 Platform Switches Impact ------- The successful exploitation of a vulnerable device allows the attacker to gain root access. Solutions ---------- As a workaround, Telnet can be disabled in Cisco Nexus 3000 Series Switches NX-OS (6.0(2)U6(1), 6.0(2)U6(2), 6.0(2)U6(3), 6.0(2)U6(4), 6.0(2)U6(5)) and in Cisco Nexus 3500 Platform Switches NX-OS Software Releases (6.0(2)A6(2), 6.0(2)A6(3), 6.0(2)A6(4), 6.0(2)A6(5), 6.0(2)A7(1)). Vendor has released software updates that address the problem: In Nexus 3000 Series Switches upgrade to 6.0(2)U6(5a) or later is recommended. In Nexus 3500 Platform Switches upgrade to 6.0(2)A7(1a) or later and 6.0(2)A6(5a) or later is recommended. Additional References ----------------------- [1] CISCO: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k CERT-EU (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383