Company ranks issue of utmost urgency and importance

Mar 4, 2016 22:45 GMT

An internal analysis has revealed the presence of a hidden account with hardcoded credentials in some Cisco Nexus switch product lines. This root account allows a remote attacker to authenticate and take control of the device.

Following the highly publicized Juniper backdoor scandal from last December, Cisco announced an internal audit to search for hidden or forgotten backdoors left intentionally or accidentally inside its products.

The first fruits of this labor have come forward, and Cisco's Technical Assistance Center (TAC) has announced they've discovered one such backdoor affecting its line of Nexus networking switches.

Cisco ranks issue as "critical"

The company has rated the vulnerability (CVE-2016-1329) as critical, the highest severity level Cisco applies to security alerts.

Cisco says that this backdoor stems from a hidden root account that is set up during the Nexus switch installation without the equipment owner's knowledge.

This process is automatic, and the account has root privileges, along with a hardcoded password that cannot be changed. The account is accessible not only locally via a serial cable, but also from a remote location via Telnet and SSH.

Hidden root affects Nexus 3000 and 3500 switches running NX-OS

Cisco says that only Cisco Nexus 3000 Series and Cisco Nexus 3500 Platform switches running the NX-OS software package are affected. For exact details, check the tables at the end of this article.

Firmware patches are available for all affected clients, and even for customers that have an expired support license, or are Cisco customers through third-party vendors.

For sysadmins who can't upgrade their equipment just yet, Cisco recommends that they disable SSH and Telnet access from both the internal and external network and that they secure their devices against unauthorized physical access.

For a company that more or less runs the Internet's backbone, the discovery of such a severe security flaw is only made acceptable by the quick and professional manner in which they've dealt with it.  

| Cisco NX-OS Software Major Release - Nexus 3000 Series Switches | First Fixed Release for This Vulnerability | First Fixed Release for This Vulnerability and All Vulnerabilities Described in the Collection of Advisories |
| --- | --- | --- |
| Prior to 6.0 | Not affected | 6.0(2)U6(5a) or later |
| 6.0 | 6.0(2)U6(1a), 6.0(2)U6(2a), 6.0(2)U6(3a), 6.0(2)U6(4a), 6.0(2)U6(5a) | 6.0(2)U6(5a) |
| 7.0 | Not affected | Not affected |

| Cisco NX-OS Software Major Release - Nexus 3500 Platform Switches | First Fixed Release for This Vulnerability | First Fixed Release for This Vulnerability and All Vulnerabilities Described in the Collection of Advisories |
| --- | --- | --- |
| Prior to 6.0 | Not affected | 6.0(2)A7(1a) or later |
| 6.0 | 6.0(2)A6(1a), 6.0(2)A6(2a), 6.0(2)A6(3a), 6.0(2)A6(4a), 6.0(2)A6(5a), 6.0(2)A7(1a) | 6.0(2)A6(5a) or later, 6.0(2)A7(1a) or later |
| 7.0 | Not affected | Not affected |
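
To triage a switch inventory against the fixed-release tables above, a short script can classify each device by platform and running NX-OS version. This is an added example, not Cisco's or the article's code; the triage() helper, the status names and the sample inventory are constructed, and it assumes that a 6.0 build whose "a" respin is listed as a first fixed release is itself vulnerable.

```python
import re

# First fixed releases for the 6.0 train, copied from the tables above.
FIXED = {
    "3000": {"6.0(2)U6(1a)", "6.0(2)U6(2a)", "6.0(2)U6(3a)",
             "6.0(2)U6(4a)", "6.0(2)U6(5a)"},
    "3500": {"6.0(2)A6(1a)", "6.0(2)A6(2a)", "6.0(2)A6(3a)",
             "6.0(2)A6(4a)", "6.0(2)A6(5a)", "6.0(2)A7(1a)"},
}

# major.minor(maintenance)<letter><train>(<build><optional patch letter>)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\(\d+\)[A-Z]\d+\(\d+([a-z]?)\)$")


def triage(platform, version):
    """Return (status, detail); status is not-affected, fixed, upgrade or review."""
    version = version.strip()
    m = VERSION_RE.match(version)
    if platform not in FIXED or not m:
        return ("review", "platform or version string not recognised")
    major = (int(m.group(1)), int(m.group(2)))
    if major < (6, 0) or major == (7, 0):
        return ("not-affected", "major release listed as not affected")
    if major != (6, 0):
        return ("review", "major release not listed in the tables")
    if version in FIXED[platform]:
        return ("fixed", version)
    # Assumption: a build whose "a" respin is listed as a fix is vulnerable.
    respin = version[:-1] + "a)"
    if m.group(3) == "" and respin in FIXED[platform]:
        return ("upgrade", respin)
    return ("review", "6.0 build not listed; check the vendor advisory")


if __name__ == "__main__":
    # Constructed inventory: (hostname, platform, running NX-OS version).
    inventory = [
        ("sw-a", "3000", "6.0(2)U6(3)"),
        ("sw-b", "3000", "6.0(2)U6(5a)"),
        ("sw-c", "3500", "6.0(2)A7(1)"),
        ("sw-d", "3500", "5.0(3)A1(1)"),
    ]
    for host, platform, version in inventory:
        print(host, platform, version, *triage(platform, version))
```

Anything returned as "review" falls outside what the tables state and should be checked by hand rather than treated as safe.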