#VU779 Information disclosure in Cisco Nexus 9000 Series Switches - CVE-2016-1455
Published: October 6, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU779
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-1455
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Nexus 9000 Series Switches
Cisco Nexus 9000 Series Switches
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote unauthenticared user to potentially sensitive information.
The weakness is caused by insufficient access control. By connecting to TCP or UDP ports on the target system attackers can cause iptables configuration flaw that may lets to access important files.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
The weakness is caused by insufficient access control. By connecting to TCP or UDP ports on the target system attackers can cause iptables configuration flaw that may lets to access important files.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
Remediation
Update to version 7.0(3)I2(2e) or 7.0(3)I4(1).