Cisco issues critical patch for Nexus switches to remove hardcoded credentials

Nexus 3000 Series and 3500 Platform switches contain a root account with a static password that can be accessed remotely

Hardcoded credentials continues to plague Cisco devices
Stephen Lawson
Current Job Listings

Cisco Systems has released software updates for its Nexus 3000 and 3500 switches in order to remove a default administrative account with static credentials that could allow remote attackers to compromise devices.

The account is created at installation time by the Cisco NX-OS software that runs on these switches and it cannot be changed or deleted without affecting the system's functionality, Cisco said in an advisory.

The company rated the issue as critical because authenticating with this account can provide attackers with access to a bash shell with root privileges, meaning that they can fully control the device.

To continue reading this article register now

FREE Download: Get the Spring 2019 digital issue of CIO magazine!