Test ID:	1.3.6.1.4.1.25623.1.0.807524
Category:	CISCO
Title:	Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability (cisco-sa-20160302-n3k)
Summary:	A vulnerability in Cisco NX-OS Software running on Cisco Nexus; 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated,; remote attacker to log in to the device with the privileges of the root user with bash shell; access.
Description:	Summary: A vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches could allow an unauthenticated, remote attacker to log in to the device with the privileges of the root user with bash shell access. Vulnerability Insight: The vulnerability is due to a user account that has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by connecting to the affected system using this default account. The account can be used to authenticate remotely to the device via Telnet (or SSH on a specific release) and locally on the serial console. Solution: See the referenced vendor advisory for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1329 Cisco Security Advisory: 20160302 Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k https://isc.sans.edu/forums/diary/20795 http://www.securitytracker.com/id/1035161
Copyright	Copyright (C) 2016 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.