A critical vulnerability has been discovered in the software of the Cisco Nexus 3000 Series and 3500 Platform switches used to build the data center infrastructure, which allows an attacker to gain remote access to the device and its console with root privileges.
What is the problem? The error is contained in the Cisco NX-OS – the system user account has a “static” password that cannot be changed in the code. Using it, an attacker can using Telnet or, in some cases, SSH, remotely connect and take control of the device. This password is currently not publicly available. Cisco Nexus 300 Series Switches Running Cisco NX-OS Version 6.0 (2) U6 (1), 6.0 (2) U6 (2), 6.0 (2) U6 (3 ), 6.0 (2) U6 (4) and 6.0 (2) U6 (5) -Cisco Nexus 3500 Platform Switches Running Cisco NX-OS Versions .0 (2) A6 (1), 6.0 (2) A6 ( 2), 6.0 (2) A6 (3), 6.0 (2) A6 (4), 6.0 (2) A6 (5), and 6.0 (2) A7 (1). How to Protect Cisco has released security updates to close the detected error. The manufacturer recommends that all users of the above devices update their software. However, updates can only be installed if you have a valid license to use Cisco products. Users without a valid license are advised to contact company representatives directly for updates.
In order to protect yourself, in addition to installing the update, you can also disable Telnet on vulnerable devices and use exclusively SSH to connect to them.
By default, Telnet is disabled on the Nexus 3000 Series and 3500 Platform switches. To find out if this is the case with a specific system, you need to run a special command on behalf of a user with administrator rights:
# show feature | incl telnet telnetServer 1 disabledImportant point – in the case of Nexus 3500 Platform Switches devices running Cisco NX-OS version 6.0 (2) A6 (1), this method cannot be used, since access to the “default” user account can be done through SSH. The administrators of such devices can only install the update with the fixed vulnerability.
Similar errors related to the ability to access the device using a standard password have been found in Cisco products by security researchers earlier. The company addressed these vulnerabilities:
The Cisco Nexus 3000 Series and 3500 Platform switch software configuration error is not the first vulnerability in Cisco products that has been discovered recently by security researchers.