Improper Authentication in Cisco Enterprise NFV Infrastructure Software

Sep 2, 2021 08:00 am Cyber Security 225

This security advisory describes one high risk vulnerability.


1) Improper Authentication


Risk: High


CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]


CVE-ID: CVE-2021-34746


CWE-ID: CWE-287 - Improper Authentication


Exploit availability: No


Description

The vulnerability allows a remote attacker to bypass authentication process.


The vulnerability exists due to an error in when processing authentication requests in the TACACS+ authentication, authorization and accounting (AAA) feature. A remote attacker can inject parameters into an authentication request, bypass authentication and log in as an administrator to the affected device.


Mitigation

Install updates from vendor's website.


Vulnerable software versions

Enterprise NFV Infrastructure Software: 4.5.1


CPE
External links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh


Q & A


Can this vulnerability be exploited remotely?


Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.


Is there known malware, which exploits this vulnerability?


No. We are not aware of malware exploiting this vulnerability.




Support the originator by clicking the read the rest link below.
improper authentication cisco enterprise infrastructure software
Read The Rest from the original source
cybersecurity-help.cz

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!