CVE-2016-1329
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
03/03/2016
Last modified:
12/04/2025
Description
Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:h:cisco:nexus_3048:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3064:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3064t:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3064x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* | 2.50\(aazi.0\)c0 (excluding) | |
| cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:* | ||
| cpe:2.3:h:cisco:nexus_3524:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:cisco:nexus_3548:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:samsung:x14j_firmware:t-ms14jakucb-1102.5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:sun:opensolaris:snv_124:*:sparc:*:*:*:*:* | ||
| cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:* | 2.50\(aazi.0\)c0 (excluding) | |
| cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k
- http://www.securitytracker.com/id/1035161
- https://isc.sans.edu/forums/diary/20795
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k
- http://www.securitytracker.com/id/1035161
- https://isc.sans.edu/forums/diary/20795