Cisco Patches Critical Authentication Bug With Public Exploit

Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit.
On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS), tracked as CVE-2021-34746.
Cisco Enterprise NFVIS is a Linux-based piece of infrastructure software that helps service providers and other customers to deploy virtualized network functions, such as virtual routers and firewalls, as well as WAN acceleration, on supported Cisco devices.
"An attacker could exploit this vulnerability by injecting parameters into an authentication request," Cisco explained in its security advisory.
A month ago, Cisco revealed that a remote code execution vulnerability in its Adaptive Security Device Manager (ASDM) Launcher, which it disclosed in July, was a zero-day bug that still hasn't been fixed.
"A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher," Cisco said.
News URL
https://threatpost.com/cisco-patches-critical-authentication-bug-with-public-exploit/169146/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software: A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | 9.8 |