A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges.
 
The vulnerability is due to a missing password for the root user account on the affected system.

This account is created at installation and cannot be changed or deleted without impacting the functionality of the system.

An attacker could exploit this vulnerability by physically connecting to the affected system.

An exploit could allow the attacker to access the system with root user privileges.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000
A vulnerability in the Cisco Nexus 2000 Series Fabric Extender could allow an unauthenticated, local attacker to log in to the system shell with root user privileges.
 
The vulnerability is due to a missing password for the root user account on the affected system.

This account is created at installation and cannot be changed or deleted without impacting the functionality of the system.

An attacker could exploit this vulnerability by physically connecting to the affected system.

An exploit could allow the attacker to access the system with root user privileges.

Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160223-nx2000

Security Impact Rating: Medium

CVE: CVE-2016-1341