• March 10, 2016

Cisco Patch Minimizes Security Threat in Nexus Switches

cisco patch

Cisco Patch Minimizes Security Threat in Nexus Switches

Cisco Patch Minimizes Security Threat in Nexus Switches 1024 443 Trapp Technology

Recent Cisco Patch Fixes Error to Prevent Potential Attacks

To address a Nexus NX-OS software security vulnerability on Nexus 3000 Series and 3500 Platform switches, the new Cisco patch removes a default administrative account that attackers can exploit to remotely access and control the switches.

Deemed “critical” by Cisco Systems in a recent security advisory, users with Cisco Nexus 3000 Series and 3500 Platform switches running Cisco NX-OS software are urged to install the Cisco patch in order to neutralize the security weakness on the affected devices.

Without the new patch installed or without workaround measures in place, attackers have the ability to log in to the device through a default account as a root user with bash shell access. Attackers are able to authenticate remotely via Telnet and locally on the console.

Thankfully, disabling Telnet and using SSH for remote connections—or, more importantly, downloading and installing the Cisco patch—will block that avenue of exploitation for attackers, which is excellent news for the affected Nexus users.

The Cisco Product Security Incident Response Team (PSIRT) has stated that they are unaware of active public threats or attacks regarding this particular vulnerability. Cisco TAC discovered the security flaw during a customer case resolution.

For a detailed list of affected Nexus products, workaround information, and a download of the Cisco patch, visit the Cisco Security Advisories and Responses page here.

Worried about your data center assets? Check out Trapp Technology’s Managed Infrastructure Services here.

Related Articles:

See also  From High Tech to Low Tech: Why Arizona Weather Works

Leave a Reply

X