Security News > 2021 > September > Cisco Patches Critical Authentication Bug With Public Exploit
Cisco has patched a near-max critical bug in its NFVIS software for which there's a publicly available proof-of-concept exploit.
On Wednesday, Cisco released patches for the flaw - an authentication bypass vulnerability in Enterprise NFV Infrastructure Software that's tracked as CVE-2021-34746.
Cisco Enterprise NFVIS is a Linux-based piece of infrastructure software that helps service providers and other customers to deploy virtualized network functions, such as virtual routers and firewalls, as well as WAN acceleration, on supported Cisco devices.
"An attacker could exploit this vulnerability by injecting parameters into an authentication request," Cisco explained in its security advisory.
A month ago, Cisco revealed that a remote code execution vulnerability in its Adaptive Security Device Manager Launcher that it disclosed in July was a zero-day bug that still hasn't been fixed.
" A successful exploit could allow the attacker to execute arbitrary code on the user's operating system with the level of privileges assigned to the ASDM Launcher," Cisco said.
News URL
https://threatpost.com/cisco-patches-critical-authentication-bug-with-public-exploit/169146/
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-02 | CVE-2021-34746 | Improper Authentication vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. | 9.8 |