Vulnerability Description
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nexus 3048 | - |
| Cisco | Nexus 3064 | - |
| Cisco | Nexus 3064T | - |
| Cisco | Nexus 3064X | - |
| Samsung | X14J Firmware | t-ms14jakucb-1102.5 |
| Sun | Opensolaris | snv_124 |
| Zyxel | Gs1900-10Hp Firmware | < 2.50\(aazi.0\)c0 |
| Zzinc | Keymouse Firmware | 3.08 |
| Cisco | Nexus 3524 | - |
| Cisco | Nexus 3548 | - |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1035161
- https://isc.sans.edu/forums/diary/20795
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
- http://www.securitytracker.com/id/1035161
- https://isc.sans.edu/forums/diary/20795
FAQ
What is CVE-2016-1329?
CVE-2016-1329 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to ...
How severe is CVE-2016-1329?
CVE-2016-1329 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-1329?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nexus 3048, Cisco Nexus 3064, Cisco Nexus 3064T, Cisco Nexus 3064X, Samsung X14J Firmware.