First published: Thu Mar 03 2016(Updated: )
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Nexus 3048 Firmware | ||
Cisco Nexus 3064 Firmware | ||
Cisco Nexus 3064 | ||
Cisco Nexus 3064-X Firmware | ||
Samsung X14J eu | =t-ms14jakucb-1102.5 | |
Oracle Solaris and Zettabyte File System (ZFS) | =snv_124 | |
Zyxel GS1900-10HP firmware | <2.50\(aazi.0\)c0 | |
zzinc KeyMouse | =3.08 | |
Cisco Nexus 3524-xl | ||
Cisco Nexus 3548-X/XL Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-1329 has a critical severity level due to the exposure of hardcoded credentials allowing unauthorized access.
To mitigate CVE-2016-1329, upgrade to a non-vulnerable version of the Cisco NX-OS operating system.
CVE-2016-1329 affects Cisco Nexus 3000 and 3500 series devices running specific versions of NX-OS.
Yes, CVE-2016-1329 can be exploited remotely via TELNET or SSH sessions due to hardcoded credentials.
Exploitation of CVE-2016-1329 can lead to unauthorized root access, allowing attackers to take full control of the affected devices.