Cisco stitches default root creds for switches

Patch plugs remote pwning telnet vector for Nexus kit

8 Reg comments Got Tips?

Cisco has slung patches at its Nexus 3000 and 3500 switches to shutter a default remotely-accessible administrative account.

The critical bug (CVE-2016-1329) grant attackers root access, according to Cisco security wonks.

Admins can shut off Telnet as a workaround in place of the patch.

"[The vulnerability] could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access," Cisco says. "The vulnerability is due to a user account that has a default and static password.

"An attacker could exploit this vulnerability by connecting to the affected system using this default account."

The account is forged at installation and cannot be altered or erased without messing with the switch functionality.

Only those installations which have had telnet turned on from its default state of off are affected.

Cisco says administrators should apply the patch alongside recent switch patches that close off two denial-of-service attack vectors. ®


Biting the hand that feeds IT © 1998–2020