Security News > 2021 > September > Cisco Patches Critical Authentication Bug With Public Exploit
Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit.
On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software that's tracked as CVE-2021-34746.
Cisco Enterprise NFVIS is a Linux-based piece of infrastructure software that helps service providers and other customers to deploy virtualized network functions, such as virtual routers and firewalls, as well as WAN acceleration, on supported Cisco devices.
"An attacker could exploit this vulnerability by injecting parameters into an authentication request," Cisco explained in its security advisory.
A month ago, Cisco revealed that a remote code execution vulnerability in its Adaptive Security Device Manager Launcher that it disclosed in July was a zero-day bug that still hasn't been fixed.
" A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher," Cisco said.
News URL
https://threatpost.com/cisco-patches-critical-authentication-bug-with-public-exploit/169146/
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Cisco warns of denial of service flaw with PoC exploit code (source)
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Critical Cisco ISE bug can let attackers run commands as root (source)
- Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software (source)
- Hackers exploit authentication bypass in Palo Alto Networks PAN-OS (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | 9.8 |