
Critical vulnerability in Cisco Nexus 3000 Series and 3500 Platform switches allows remote access to them



The software of Cisco Nexus 3000 Series and 3500 Platform switches, which are used to build data center infrastructure, has a critical vulnerability that allows an attacker to gain remote access to the device and its console with root privileges.

What is the problem


The flaw is in Cisco NX-OS: a system user account has a static password in the code that cannot be changed. With it, an attacker can connect remotely over Telnet or, in some cases, SSH, and take control of the device. The password itself is not currently publicly available.
Information about the vulnerability is published on the manufacturer's website. The document lists the vulnerable devices:


How to protect


Cisco has released a security update that fixes the flaw. The manufacturer recommends that all users of the above devices update their software. However, updates can be installed only with a valid license for Cisco products. Users without a valid license are advised to contact the company's representatives directly to obtain the update.

To protect yourself, in addition to installing the update, you can also disable Telnet on vulnerable devices and use only SSH to connect to them.

By default, Telnet is disabled on the Nexus 3000 Series and 3500 Platform switches. To check whether this is the case on a particular system, run the following command as a user with administrator rights:

# show feature | incl telnet
telnetServer          1        disabled

Importantly, on Nexus 3500 Platform switches running Cisco NX-OS version 6.0(2)A6(1) this method does not help, because the default user account can also be accessed over SSH. For such devices, the only option is to install the update that fixes the vulnerability.
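The check and the 3500 exception described above can be applied across a fleet from saved `show feature` output. The following is an added example, not code from the article or from Cisco; the hostnames, the "other-release" label and the sample outputs are constructed, and it assumes every switch in the inventory is on the vendor's affected list.

```python
import re

# Per the article: on Nexus 3500 running this release the account is also
# reachable over SSH, so turning Telnet off does not mitigate.
SSH_EXPOSED_3500_RELEASE = "6.0(2)A6(1)"

# One `show feature` row: name, instance number, state.
FEATURE_ROW = re.compile(r"^[ \t]*(\S+)[ \t]+(\d+)[ \t]+(enabled|disabled)\b", re.M)


def feature_states(show_feature_output):
    """Parse `show feature` text into {(feature, instance): state}."""
    return {(name, int(inst)): state
            for name, inst, state in FEATURE_ROW.findall(show_feature_output)}


def telnet_enabled(show_feature_output):
    """True if any telnetServer instance is enabled.

    Raises ValueError when no telnetServer row is present, so a truncated
    capture is never mistaken for "disabled".
    """
    states = [state for (name, _), state
              in feature_states(show_feature_output).items()
              if name == "telnetServer"]
    if not states:
        raise ValueError("no telnetServer row found; re-collect the output")
    return "enabled" in states


def triage(platform, release, show_feature_output):
    """Map one switch to the action the article describes."""
    if platform == "3500" and release == SSH_EXPOSED_3500_RELEASE:
        return "update only (SSH exposed; disabling Telnet is not enough)"
    if telnet_enabled(show_feature_output):
        return "disable Telnet, then update"
    return "Telnet already disabled; update"


# Constructed inventory: hostnames, "other-release" and outputs are made up.
INVENTORY = {
    "leaf-a": ("3000", "other-release", "telnetServer  1  disabled\nsshServer  1  enabled\n"),
    "leaf-b": ("3000", "other-release", "telnetServer  1  enabled\n"),
    "leaf-c": ("3500", SSH_EXPOSED_3500_RELEASE, "telnetServer  1  disabled\n"),
}


def triage_inventory(inventory):
    """Return {hostname: action} for every switch in the inventory."""
    return {host: triage(*facts) for host, facts in inventory.items()}


if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY).items():
        print(f"{host}: {action}")
```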

Security researchers have previously found similar flaws in Cisco products that allow access to a device with a default password. The company has fixed these vulnerabilities:

Advisory title | Link to fix | CVE ID
Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k | CVE-2016-1329
Cisco Nexus 2000 Series Fabric Extender Software Default Credential Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000 | CVE-2016-1341
Cisco Modular Encoding Platform D9036 Software Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036 | CVE-2015-6412
Cisco Prime Collaboration Assurance Default Account Credential Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca | CVE-2015-6389
Cisco UCS Director Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-ucsd | CVE-2014-0709
Cisco Catalyst 3750-X Series Switch Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131025-CVE-2013-5522 | CVE-2013-5522
Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20131015-CVE-2013-5535 | CVE-2013-5535
Cisco TelePresence System Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130807-tp | CVE-2013-3454
Cisco Prime Network Control Systems Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-ncs | CVE-2013-1170
Cisco Identity Services Engine Database Default Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110920-ise | CVE-2011-3290
Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110729-tp | CVE-2011-2555
Default Credentials Vulnerability in Cisco Network Registrar | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110601-cnr | CVE-2011-2024
Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110202-tandberg | CVE-2011-0354
Cisco Aironet 1800 Series Access Point Default Static Account Credentials Vulnerability | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160113-air | CVE-2015-6336
Default Credentials for Cisco Media Experience Engine 5600 | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110601-mxe | CVE-2011-1623

The software configuration error of the Cisco Nexus 3000 Series Switches and the 3500 Platform is not the first vulnerability in Cisco products that security researchers have recently discovered.

In February 2015, information appeared online about critical vulnerabilities in Cisco ASA firewalls: one allowed remote unauthorized users to execute arbitrary code or reboot the device, and another, a zero-day XSS vulnerability, made it possible under certain circumstances to steal device user credentials.

Source: https://habr.com/ru/post/278569/

