SB2016100523 - Information disclosure in Cisco Nexus 9000 Series Switches
Published: October 5, 2016 Updated: April 5, 2018
Security Bulletin ID
SB2016100523
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2016-1455)
The vulnerability allows a remote unauthenticared user to potentially sensitive information.The weakness is caused by insufficient access control. By connecting to TCP or UDP ports on the target system attackers can cause iptables configuration flaw that may lets to access important files.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Remediation
Install update from vendor's website.