CVE-2026-5944
Received Received - Intake
Improper Access Control in Cisco Intersight Device Connector Causes Service Disruption

Publication date: 2026-04-28

Last updated on: 2026-05-18

Assigner: 2ffdacf6-8681-47df-b023-4f11abd61c1d

Description
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-09
NVD
CVE-2026-5944
EUVD
EUVD-2026-26048
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco intersight_device_connector From 4.3.0 (inc) to 7.5.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthenticated network access to an API endpoint that can expose cluster metadata and invoke certain maintenance workflows, potentially disrupting active workloads and causing loss of service availability.

However, the vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data.

Given that no sensitive user data or credentials are exposed, the direct impact on compliance with data protection regulations such as GDPR or HIPAA is limited.

Nonetheless, the potential disruption of service availability could affect compliance with standards that require high availability and service continuity.

Executive Summary

This vulnerability is an improper access control issue in the Cisco Intersight Device Connector for Nutanix Prism Central. It involves an API passthrough endpoint exposed on TCP port 7373 that is accessible within the network without requiring authentication.

An attacker who has network access can exploit this by sending specially crafted requests to this endpoint to gather cluster metadata, such as virtual machine information and cluster configuration details.

While the API mainly supports read-only operations, it also permits invoking certain cluster maintenance workflows.

Impact Analysis

Exploitation of this vulnerability can lead to disruption of active workloads within the affected environment, causing loss of service availability.

Although it does not allow persistent changes to system configurations or access to credentials or sensitive user data, the ability to invoke cluster maintenance workflows without authentication can impact operational stability.

Detection Guidance

This vulnerability involves an exposed API passthrough endpoint on TCP port 7373 within the network scope of the deployment environment that does not require authentication.

To detect this vulnerability on your network or system, you can scan for open TCP port 7373 on devices running the Cisco Intersight Device Connector for Nutanix Prism Central.

A possible command to check for the open port could be using nmap:

  • nmap -p 7373 <target-ip>

If the port is open, further testing with crafted requests to the API endpoint could confirm the vulnerability, but specific commands or scripts for this are not provided in the available resources.

Mitigation Strategies

The CVE description does not provide explicit mitigation steps or patches.

However, since the vulnerability is due to an exposed unauthenticated API endpoint on TCP port 7373, immediate mitigation could include restricting network access to this port by implementing firewall rules or network segmentation to limit access only to trusted hosts.

Additionally, monitoring and limiting access to the Cisco Intersight Device Connector service and consulting Nutanix or Cisco support for updates or patches is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5944. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart