HomePentest-Tools.com Logo

Cisco Nexus 9000 Information Disclosure Vulnerability (cisco-sa-20161005-n9kinfo) CVE-2016-1455

Severity
CVSSv3 Score
7.5
Vulnerability description

A vulnerability in the internal iptables configuration for local interfaces on the Cisco Nexus 9000 Series Switch could allow an unauthenticated, remote attacker to access certain sensitive data. The attacker could use this information to conduct additional reconnaissance attacks.

Risk description

The vulnerability is due to incorrect filtering of network traffic destined to certain TCP and UDP ports configured on a local interface. An attacker could exploit this vulnerability by connecting to the affected device on one of the exposed TCP or UDP ports. An exploit could allow the attacker to discover certain sensitive data which should be restricted and could be used to conduct further attacks.

Recommendation

See the referenced vendor advisory for a solution.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Oct 5, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available