Monday, February 22, 00:07
Home security Cisco bug: Critical defect needs patch

Cisco bug: Critical defect needs patch

Cisco has revealed a critical flaw affecting the ENCS 5400-W and CSP 5000-W series devices due to software containing user accounts with a default, static password.

During in-house testing, Cisco discovered Virtual Bandwidth Application Services (vWAAS) with default images of Cisco Enterprise NFV Infrastructure (NFVIS) software - for devices that have user accounts with a fixed password.

Cisco

NFVIS helps clients virtualize Cisco network services, such as Integrated Services Virtual Router, WAN virtualization, Virtual ASA, Virtual Wireless LAN Controller, and next-generation Virtual Firewall.

The default Password means that a remote intruder without credentials could connect to the NFVIS command-line interface of a vulnerable device with administrator rights.

Customers with affected devices should apply Cisco updates if the devices are running vWAAS with NFVIS versions of 6.4.5, 6.4.3d or earlier.

There are no solutions, so updating is the only way for customers to fix the defect, which has a severity score of 9,8 out of 10 and is referred to as CVE-2020-3446.

Cisco lists four conditions under which one intruder could be connected to NFVIS CLI, depending on how customers have configured the device:

  • The Ethernet management port for the CPU on an ENCS 5400-W Series device. This interface can be remotely accessed if a routed IP is configured.
  • The first port of the four-port I350 PCIe Ethernet adapter card on an affected CSP 5000-W device.
  • A link to the vWAAS CLI software and a valid user certificate for authentication to the vWAAS CLI first.
  • A connection to the Cisco Integrated Management Controller (CIMC) interface of the ENCS 5400-W Series or CSP 5000-W Series and a valid user certificate for authentication to CIMC first.

Cisco has also released two more high-quality tips that can be addressed by installing updates software recently released.

In addition to repairing critical defects and severity, the company also issued corrections for 21 additional vulnerabilities of moderate severity.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...