Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:L/U:Amber
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:L/U:Amber
Lifecycle Timeline
8DescriptionCVE.org
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.
An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked.
Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
AnalysisAI
Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.
Technical ContextAI
The Cisco Intersight Device Connector is a service component that bridges Cisco Intersight management systems with Nutanix Prism Central clusters. The vulnerability exists in an API passthrough endpoint listening on TCP port 7373 that lacks authentication validation. The affected CPE (cpe:2.3:a:nutanix:cisco_intersight_device_connector_for_prism_central:*:*:*:*:*:*:*:*) indicates all versions of the product are potentially affected. The root cause is CWE-306 (Missing Authentication for Critical Function), where the API endpoint should enforce authentication but does not validate requester identity before processing requests. The endpoint supports both read-only metadata enumeration operations and cluster maintenance workflow invocation, though persistent configuration modification and credential access are not exposed.
RemediationAI
Apply the patched version of Cisco Intersight Device Connector as released by Nutanix in Security Advisory 0046; consult the advisory PDF and Nutanix support portal for exact patched version numbers and upgrade procedures specific to your Prism Central deployment. Until patching is possible, implement network-level compensating controls: restrict inbound access to TCP port 7373 using firewall rules to only trusted management subnets and Intersight management systems, blocking all other internal and external sources. Additionally, deploy network segmentation to isolate Prism Central infrastructure from general user networks and untrusted systems. Monitor TCP port 7373 for unexpected connection attempts and review API logs (if available) for enumeration or workflow invocation activity. These controls trade operational convenience for security by limiting flexibility in cluster management access but are essential until patches are deployed in non-segmented or high-trust internal environments.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26048