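Vulnerability Information
This page uses advanced large language model technology, but the output may contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of the data, but please verify it and make your own judgment based on the actual situation.
Vulnerability Title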
Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access
Vulnerability Description
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
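Vulnerability Type
Missing Authentication for Critical Function
Vulnerability Title
Nutanix Prism Central Access Control Error Vulnerability
Vulnerability Description
Nutanix Prism Central is a centralized management console from Nutanix, a US company. Nutanix Prism Central has an access control error vulnerability that stems from improper access control. It may allow an unauthenticated attacker with network access to send crafted requests to the exposed endpoint, enumerate cluster metadata, including virtual machine information and cluster configuration details, and invoke certain cluster maintenance workflows, disrupting active workloads and causing loss of service availability.
CVSS Information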
N/A
Vulnerability Type
N/A