Cisco has corrected a serious security issue that would give attackers full access to devices via default credentials.The question is located within the switch of the Cisco Nexus 3000 Series switches and the Nexus 3500 platform, a user account with root access to the bash shell is created during installation and the default setting, the static password can not be changed without damaging the functionality of the device.
The vulnerability "critical" may allow attackers to log on devices with root privileges to access, according to a security advisory published Tuesday. Attackers are able to connect to this account by default with static credentials locally or via telnet or SSH.
Once a cyber attacker has accessed the default account, they do not have administrator privileges and can completely compromise the device.
Cisco has released a software update that eliminates the default account and static credentials. Patches are available for Cisco Nexus 3000 Series switches running versions of the NX-OS 6.0 software (2) U6 (1), 6.0 (2) U6 (2) 6.0 (2) U6 (3), 6.0 (2) U6 (4) and 6.0 (2) U6 (5) and Cisco Nexus 3500 Platform switches running NX-OS software version 6.0 (2) A6 (1), 6.0 (2) A6 (2) 6.0 (2) A6 (3), 6.0 (2) A6 (4), 6.0 (2) A6 (5) and 6.0 (2) A 7 (1).
This is not the first time that Disco has patched this kind of security problems. In January, the technology giant fixes a number of vulnerabilities and has blocked access to the password of the access point of the wireless devices can not be modified. Cisco also took the opportunity to reveal a critical flaw in Access Identity Engine Company (ISE) Services.
Earlier this week, Cisco announced the changes to its business model networks, digital network architecture. The model is composed of virtualization, automation, analysis, management and cloud service using open application programming interfaces for enterprise customers.
The vulnerability "critical" may allow attackers to log on devices with root privileges to access, according to a security advisory published Tuesday. Attackers are able to connect to this account by default with static credentials locally or via telnet or SSH.
Once a cyber attacker has accessed the default account, they do not have administrator privileges and can completely compromise the device.
Cisco has released a software update that eliminates the default account and static credentials. Patches are available for Cisco Nexus 3000 Series switches running versions of the NX-OS 6.0 software (2) U6 (1), 6.0 (2) U6 (2) 6.0 (2) U6 (3), 6.0 (2) U6 (4) and 6.0 (2) U6 (5) and Cisco Nexus 3500 Platform switches running NX-OS software version 6.0 (2) A6 (1), 6.0 (2) A6 (2) 6.0 (2) A6 (3), 6.0 (2) A6 (4), 6.0 (2) A6 (5) and 6.0 (2) A 7 (1).
This is not the first time that Disco has patched this kind of security problems. In January, the technology giant fixes a number of vulnerabilities and has blocked access to the password of the access point of the wireless devices can not be modified. Cisco also took the opportunity to reveal a critical flaw in Access Identity Engine Company (ISE) Services.
Earlier this week, Cisco announced the changes to its business model networks, digital network architecture. The model is composed of virtualization, automation, analysis, management and cloud service using open application programming interfaces for enterprise customers.
