Exploits targeting vulnerable devices, like the Nexus 6p, are becoming more prevalent, according to security researcher David Sanger.
In this case, he says the exploit could be used to take over the network, take control of your device, or even cause data loss.
This vulnerability affects Cisco Nexus devices running Cisco Catalyst 5.0, 5.1, and 5.2, according a Cisco advisory published Monday.
Sanger says the flaw could be exploited remotely to take control and take control over the device’s functions.
The exploit is also vulnerable to remote code execution.
“Cisco Catalyst 6.5, 6.6, and 6.7 devices, as well as the Nexus 5 series and earlier Nexus devices, are vulnerable to this vulnerability.
Any device with Cisco Catalyst 6 and 6+ versions 5.5 or 6.1 are not affected,” Cisco said in a blog post Monday.
It’s important to note that Cisco’s advisory only addresses Nexus devices.
“For more information about the affected devices, see Cisco Catalyst blog post,” the advisory reads.
The vulnerability can be exploited by sending an HTTP POST request with the username “password” to a remote site that the attacker can control.
The victim then would be able to control the device, potentially accessing a remote area of the internet, or any device that connects to the network via the 802.11n or wireless LAN protocols.
Cisco has released a patch that addresses this vulnerability, as has the U.S. National Institute of Standards and Technology.
Sangers’ blog post cites CVE-2014-0726, CVE-2015-0721, CVE/A-2014.
The Nexus devices are listed in a security advisory Cisco issued in March.
“The exploit is relatively simple to perform and requires no specific user interaction, so it is not immediately obvious that this vulnerability will impact a significant number of vulnerable devices,” the Cisco advisory said.
“We recommend that customers consider installing the patch and installing the updated Cisco Catalyst driver, as there may be more vulnerability in this vulnerability.”
The exploit could also be used for other purposes, like stealing credit card information or gaining access to information stored on your device.
Sanger’s blog post does not elaborate on these potential exploits, and he does not say if the vulnerability affects Nexus devices in the future.
A Cisco advisory from December 2015 noted that “Cisco is actively investigating several of these exploits, with some of the most common being the remote code-execution and privilege escalation scenarios.”
Cisco has previously acknowledged the vulnerability and patched it in February.