Security News > 2021 > September > Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available.
The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.
"Linux-based infrastructure software designed to help service providers and enterprises to design, deploy and manage network services. Cisco Enterprise NFVIS helps dynamically deploy virtualized network functions, such as a virtual router, firewall, and WAN accelerator on supported Cisco devices," Cisco explains.
The vulnerability affects Cisco Enterprise NFVIS release 4.5.1, and has been fixed in releases 4.6.1 and later.
Even if proof-of-concept exploit code is available, there's no need for panic, as there is currently no evidence of the flaw being exploited by malicious actors.
To check whether your installation is vulnerable, follow the instructions provided by Cisco.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mP9Ku_L-YQA/
Related news
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk? (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)