CVE-2016-1329

moderate-risk
Published 2016-03-03

Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.

Do I need to act?

~
2.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (4)

Opensolaris
Keymouse Firmware

Affected Vendors

Zyxel Zzinc Sun Samsung

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1035161
https://isc.sans.edu/forums/diary/20795
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1035161
https://isc.sans.edu/forums/diary/20795
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 5/34 · Minimal
Exposure 10/34 · Low