Security News > 2020 > August > Default Credentials Expose Cisco ENCS, CSP Appliances to Attacks
Cisco informed customers on Wednesday that it has patched a critical default credentials vulnerability affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances.
The Cisco Cloud Services Platform for WAAS is a hardware platform designed for the deployment of datacenter network function virtualization, and the Cisco Enterprise Network Compute System is a hybrid platform for branch deployment and for hosting WAAS applications.
Internal security testing conducted by Cisco revealed that the virtual WAAS with Enterprise NFV Infrastructure Software-bundled images for ENCS 5400-W series and 5000-W series appliances includes a default, static password.
"Cisco has confirmed that this vulnerability does not affect standalone NFVIS running on Cisco ENCS 5000 Series and Cisco CSP 5000 Series devices, and it does not affect standalone vWAAS software or WAAS software running on Cisco Wide Area Virtualization Engine appliances," the company noted in its advisory.
Cisco says it's not aware of any attacks exploiting these vulnerabilities.
News URL
Related news
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)