CVE-2026-5944
Improper Access Control in Cisco Intersight Device Connector Causes Service Disruption
Publication date: 2026-04-28
Last updated on: 2026-04-28
Assigner: 2ffdacf6-8681-47df-b023-4f11abd61c1d
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | intersight_device_connector | * |
| nutanix | prism_central | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in the Cisco Intersight Device Connector for Nutanix Prism Central. It involves an API passthrough endpoint exposed on TCP port 7373 that is accessible within the network without requiring authentication.
An attacker who has network access can exploit this by sending specially crafted requests to this endpoint to gather cluster metadata, such as virtual machine information and cluster configuration details.
While the API mainly supports read-only operations, it also permits invoking certain cluster maintenance workflows.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to disruption of active workloads within the affected environment, causing loss of service availability.
Although it does not allow persistent changes to system configurations or access to credentials or sensitive user data, the ability to invoke cluster maintenance workflows without authentication can impact operational stability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an exposed API passthrough endpoint on TCP port 7373 within the network scope of the deployment environment that does not require authentication.
To detect this vulnerability on your network or system, you can scan for open TCP port 7373 on devices running the Cisco Intersight Device Connector for Nutanix Prism Central.
A possible command to check for the open port could be using nmap:
- nmap -p 7373 <target-ip>
If the port is open, further testing with crafted requests to the API endpoint could confirm the vulnerability, but specific commands or scripts for this are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The CVE description does not provide explicit mitigation steps or patches.
However, since the vulnerability is due to an exposed unauthenticated API endpoint on TCP port 7373, immediate mitigation could include restricting network access to this port by implementing firewall rules or network segmentation to limit access only to trusted hosts.
Additionally, monitoring and limiting access to the Cisco Intersight Device Connector service and consulting Nutanix or Cisco support for updates or patches is recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated network access to an API endpoint that can expose cluster metadata and invoke certain maintenance workflows, potentially disrupting active workloads and causing loss of service availability.
However, the vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data.
Given that no sensitive user data or credentials are exposed, the direct impact on compliance with data protection regulations such as GDPR or HIPAA is limited.
Nonetheless, the potential disruption of service availability could affect compliance with standards that require high availability and service continuity.