Question 1

What is CVE-2016-1341?

Accepted Answer

CVE-2016-1341 is a critical-severity software vulnerability (CWE-255) with a CVSS score of 9.8. Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.

Question 2

Is CVE-2016-1341 being actively exploited?

Accepted Answer

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

Question 3

What products does CVE-2016-1341 affect?

Accepted Answer

Tracked products affected include NX-OS. Check the version you run to see whether it is affected.

Question 4

How do I fix CVE-2016-1341?

Accepted Answer

Apply the vendor fix promptly. Upgrade affected products to a fixed version.

CVE-2016-1341

Summary

Impact & exploitability

Affected products we track (1)

Recommendation

Additional information