Skip to main content

Cisco Intersight Device Connector CVE-2026-5944

| EUVDEUVD-2026-26048 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-04-28 Nutanix
6.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:L/U:Amber

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:C/RE:L/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
N

Lifecycle Timeline

8
Patch released
Apr 28, 2026 - 20:23 nvd
Patch available
Patch available
Apr 28, 2026 - 15:01 EUVD
Analysis Generated
Apr 28, 2026 - 14:30 vuln.today
Severity Changed
Apr 28, 2026 - 14:22 NVD
HIGH MEDIUM
CVSS changed
Apr 28, 2026 - 14:22 NVD
8.2 (HIGH) 6.7 (MEDIUM)
EUVD ID Assigned
Apr 28, 2026 - 14:00 euvd
EUVD-2026-26048
Analysis Generated
Apr 28, 2026 - 14:00 vuln.today
CVE Published
Apr 28, 2026 - 13:06 nvd
MEDIUM 6.7

DescriptionCVE.org

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication.

An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked.

Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.

AnalysisAI

Unauthenticated network attackers can access an exposed API passthrough endpoint on TCP port 7373 in Cisco Intersight Device Connector for Nutanix Prism Central, enabling enumeration of cluster metadata and invocation of cluster maintenance workflows that may disrupt active workloads. The vulnerability stems from missing authentication controls on a network-accessible service endpoint and carries a CVSS 6.7 score reflecting high availability impact despite limited confidentiality and integrity exposure. No public exploit code or active exploitation has been confirmed, but the attack requires no special conditions beyond network access to the deployment environment.

Technical ContextAI

The Cisco Intersight Device Connector is a service component that bridges Cisco Intersight management systems with Nutanix Prism Central clusters. The vulnerability exists in an API passthrough endpoint listening on TCP port 7373 that lacks authentication validation. The affected CPE (cpe:2.3:a:nutanix:cisco_intersight_device_connector_for_prism_central:*:*:*:*:*:*:*:*) indicates all versions of the product are potentially affected. The root cause is CWE-306 (Missing Authentication for Critical Function), where the API endpoint should enforce authentication but does not validate requester identity before processing requests. The endpoint supports both read-only metadata enumeration operations and cluster maintenance workflow invocation, though persistent configuration modification and credential access are not exposed.

RemediationAI

Apply the patched version of Cisco Intersight Device Connector as released by Nutanix in Security Advisory 0046; consult the advisory PDF and Nutanix support portal for exact patched version numbers and upgrade procedures specific to your Prism Central deployment. Until patching is possible, implement network-level compensating controls: restrict inbound access to TCP port 7373 using firewall rules to only trusted management subnets and Intersight management systems, blocking all other internal and external sources. Additionally, deploy network segmentation to isolate Prism Central infrastructure from general user networks and untrusted systems. Monitor TCP port 7373 for unexpected connection attempts and review API logs (if available) for enumeration or workflow invocation activity. These controls trade operational convenience for security by limiting flexibility in cluster management access but are essential until patches are deployed in non-segmented or high-trust internal environments.

Share

CVE-2026-5944 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy