CVE-2026-5944: CWE-306 Missing authentication for critical function in Nutanix Cisco Intersight Device Connector for Prism Central
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-5944) involves missing authentication for a critical function in the Cisco Intersight Device Connector for Nutanix Prism Central (version 4.3.0). The service exposes an API passthrough endpoint on TCP port 7373 without requiring authentication within the network scope. An unauthenticated attacker can exploit this to enumerate cluster metadata, including virtual machine and cluster configuration details, and invoke some cluster maintenance workflows. Although the API is primarily read-only, the ability to trigger maintenance workflows can disrupt active workloads. There is no indication of persistent system configuration modification or credential access. The CVSS 4.0 vector indicates network attack vector, low complexity, no privileges or user interaction required, with high impact on availability and confidentiality.
Potential Impact
Successful exploitation allows an unauthenticated attacker with network access to gather cluster metadata and invoke certain maintenance workflows, potentially disrupting active workloads and causing loss of service availability. There is no impact on persistent system configuration, credential exposure, or sensitive user data. The medium severity rating reflects the potential for availability disruption within the affected environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the TCP port 7373 endpoint to trusted hosts only and monitor for unauthorized access attempts. Do not expose the Cisco Intersight Device Connector API endpoint beyond the trusted internal network. Follow vendor updates for any forthcoming patches or official mitigations.
CVE-2026-5944: CWE-306 Missing authentication for critical function in Nutanix Cisco Intersight Device Connector for Prism Central
Description
An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated attacker with network access can exploit this vulnerability by sending crafted requests to the exposed endpoint to enumerate cluster metadata, including virtual machine information and cluster configuration details. While the API primarily supports read-only operations, it also allows certain cluster maintenance workflows to be invoked. Although this vulnerability does not allow persistent modification of system configurations or access to credentials or sensitive user data, successful exploitation may result in disruption of active workloads, leading to loss of service availability within the affected environment.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-5944) involves missing authentication for a critical function in the Cisco Intersight Device Connector for Nutanix Prism Central (version 4.3.0). The service exposes an API passthrough endpoint on TCP port 7373 without requiring authentication within the network scope. An unauthenticated attacker can exploit this to enumerate cluster metadata, including virtual machine and cluster configuration details, and invoke some cluster maintenance workflows. Although the API is primarily read-only, the ability to trigger maintenance workflows can disrupt active workloads. There is no indication of persistent system configuration modification or credential access. The CVSS 4.0 vector indicates network attack vector, low complexity, no privileges or user interaction required, with high impact on availability and confidentiality.
Potential Impact
Successful exploitation allows an unauthenticated attacker with network access to gather cluster metadata and invoke certain maintenance workflows, potentially disrupting active workloads and causing loss of service availability. There is no impact on persistent system configuration, credential exposure, or sensitive user data. The medium severity rating reflects the potential for availability disruption within the affected environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict network access to the TCP port 7373 endpoint to trusted hosts only and monitor for unauthorized access attempts. Do not expose the Cisco Intersight Device Connector API endpoint beyond the trusted internal network. Follow vendor updates for any forthcoming patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Nutanix
- Date Reserved
- 2026-04-09T05:40:22.214Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0b827cbff5d8610144400
Added to database: 4/28/2026, 1:37:43 PM
Last enriched: 4/28/2026, 1:51:53 PM
Last updated: 4/28/2026, 5:21:46 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.