1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Discussion in 'CSO' started by RSS, Mar 3, 2016.

  1. RSS

    RSS New Member Member

    Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices.

    The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory.

    The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page