ID de Prueba:	1.3.6.1.4.1.25623.1.0.807524
Categoría:	CISCO
Título:	Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability (cisco-sa-20160302-n3k)
Resumen:	A vulnerability in Cisco NX-OS Software running on Cisco Nexus; 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated,; remote attacker to log in to the device with the privileges of the root user with bash shell; access.
Descripción:	Summary: A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. Vulnerability Insight: The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by connecting to the affected system using this default account. The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console. Solution: See the referenced vendor advisory for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1329 Cisco Security Advisory: 20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k https://isc.sans.edu/forums/diary/20795 http://www.securitytracker.com/id/1035161
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.