PT-2016-1474 · Cisco · Cisco Nx-Os+1

Published 2016-03-02 · Updated 2016-12-03 · CVE-2016-1329

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS versions 6.0(2)U6(1) through 6.0(2)U6(5)
Cisco NX-OS versions 6.0(2)A6(1) through 6.0(2)A6(5)
Cisco NX-OS version 6.0(2)A7(1)

Description

The issue is due to hardcoded credentials in the Cisco NX-OS software, allowing remote attackers to obtain root privileges via TELNET or SSH sessions. This could enable an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. The vulnerability exists because of a user account with a default and static password, created at installation, which cannot be changed or deleted without impacting system functionality.

Recommendations

For Cisco NX-OS versions 6.0(2)U6(1) through 6.0(2)U6(5), update to a version that addresses this vulnerability.
For Cisco NX-OS versions 6.0(2)A6(1) through 6.0(2)A6(5), update to a version that addresses this vulnerability.
For Cisco NX-OS version 6.0(2)A7(1), update to a version that addresses this vulnerability.
As a temporary workaround, consider restricting access to TELNET and SSH sessions until a patch is available.
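
To find which devices need the update, an inventory can be checked against the affected releases listed above. The following is an added example, not part of the original entry or any Cisco tooling; the hostnames and inventory are constructed sample data, and sending lettered rebuilds to manual review is an assumption, since the entry does not say how they are treated. "not listed" means only that the release is absent from this entry's list.

```python
import re

# Affected releases exactly as listed in the advisory above, keyed by
# (base release, maintenance number, train) -> inclusive build range.
AFFECTED = {
    ("6.0", 2, "U6"): (1, 5),  # 6.0(2)U6(1) through 6.0(2)U6(5)
    ("6.0", 2, "A6"): (1, 5),  # 6.0(2)A6(1) through 6.0(2)A6(5)
    ("6.0", 2, "A7"): (1, 1),  # 6.0(2)A7(1)
}

# e.g. 6.0(2)U6(3): base 6.0, maintenance 2, train U6, build 3, optional rebuild letter
VERSION_RE = re.compile(r"^(\d+\.\d+)\((\d+)\)([A-Z]+\d+)\((\d+)([a-z]?)\)$")


def classify(version):
    """Return 'affected', 'review' or 'not listed' for one NX-OS version string."""
    m = VERSION_RE.match(version.strip())
    if m is None:
        return "review"  # unparseable: never silently treat as safe
    base, maint, train, build, letter = m.groups()
    bounds = AFFECTED.get((base, int(maint), train))
    if bounds is None or not bounds[0] <= int(build) <= bounds[1]:
        return "not listed"
    # Assumption: the page does not say whether lettered rebuilds such as
    # 6.0(2)U6(3a) are affected, so they are flagged for a manual check.
    return "review" if letter else "affected"


def audit(inventory):
    """Map each classification to the sorted hostnames that fall under it."""
    report = {"affected": [], "review": [], "not listed": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {k: sorted(v) for k, v in report.items()}


# Constructed inventory (hostnames and versions are sample data).
SAMPLE_INVENTORY = {
    "leaf-01": "6.0(2)U6(3)",
    "leaf-02": "6.0(2)U6(6)",
    "leaf-03": "6.0(2)A7(1)",
    "leaf-04": "6.0(2)A6(5a)",
    "spine-01": "7.0(3)I2(1)",
    "spine-02": "unknown",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```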

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2016-00775
CVE-2016-1329

Affected Products

Cisco Nx-Os
Cisco Nexus