Security News > 2021 > September > Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available
Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software that could be exploited by an attacker to take control of an affected system.
The network equipment maker said it's aware of a publicly available proof-of-concept exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild.
The issue is caused due to incomplete validation of user-supplied input that's passed to an authentication script during the sign-in process, enabling an attacker to inject parameters into an authentication request.
"A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device," the company said in an advisory.
It's worth pointing out that enterprise NFVIS deployments are impacted by this vulnerability only if TACACS external authentication method is configured on a targeted device, which can be determined by running the "Show running-config tacacs-server" command.
The patches come a little over a week after Cisco rolled out updates to address a critical security vulnerability affecting the Application Policy Infrastructure Controller interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/62_Sa5DBHuY/cisco-issues-patch-for-critical.html
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)