Share This:

On March 2, 2016, Cisco announced a critical security vulnerability in Cisco NX-OS Software running on Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches. This vulnerability allows remote users access the target system with root privileges using default credentials.

Cisco Nexus 3000 Series Default Account and Credentials Lets Remote Users Access the Target System with Root Privileges …

 

Below is the associated Cisco security advisory, which also revealed the affected versions for Cisco 3000 and 3500 series of devices.

Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability

 

BMC Network Automation customers can easily defect this vulnerability. Thanks to the rule engine enhancements made in version 8.7.

To detect if any of your Cisco devices are vulnerable to this security vulnerability, follow these steps:

 

1. Import the attached rules to your BMC Network Automation 8.7 instance.

 

2. Go to the Rules page and edit the rules to select the 3000/3500 models you have in your environment so that rules do not get applied to all the Nexus switches.