Guest

Preview Tool

Cisco Bug: CSCur22079 - Cisco Nexus 2K Fabric Extender Software Default Credential Vulnerability

Last Modified

Sep 17, 2019

Products (10)

  • Cisco Nexus 5000 Series Switches
  • Cisco Nexus 5596UP Switch
  • Cisco Nexus 5548P Switch
  • Cisco Nexus 6004 Switch
  • Cisco Nexus 5672UP Switch
  • Cisco Nexus 6001 Switch
  • Cisco Nexus 5696Q Switch
  • Cisco Nexus 56128P Switch
  • Cisco Nexus 5548UP Switch
  • Cisco Nexus 5596T Switch

Known Affected Releases

7.0(1)N1(1) 7.0(1)N1(3) 7.0(4)N1(1)

Description (partial)

Symptom:
A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with the privileges of the root user.

The vulnerability is due to a missing password for the root user account on the affected system. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by physically connecting to the affected system. An exploit could allow the attacker to access the system with the privileges of the root user.

Conditions:
A physical connection to the device and a non-standard cable is required to exploit this vulnerability.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.