Information disclosure in Cisco Nexus 9000 Series Switches - CVE-2016-1455
Published: October 6, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU779
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-1455
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Nexus 9000 Series Switches
Cisco Nexus 9000 Series Switches
Detailed vulnerability description
The vulnerability allows a remote unauthenticared user to potentially sensitive information.
The weakness is caused by insufficient access control. By connecting to TCP or UDP ports on the target system attackers can cause iptables configuration flaw that may lets to access important files.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
The weakness is caused by insufficient access control. By connecting to TCP or UDP ports on the target system attackers can cause iptables configuration flaw that may lets to access important files.
Successful exploitation of the vulnerability results in information disclosure on the vulnerable system.
How to mitigate CVE-2016-1455
Update to version 7.0(3)I2(2e) or 7.0(3)I4(1).