In 2020, hard-coded usernames and passwords were found in Cisco Virtual Wide Area Application Services (vWAAS). Patch now

Cloud security course specialists revealed the finding of a critical vulnerability in Virtual Wide Area Application Services (vWAAS), a virtual deployment for both enterprises and service providers that accelerates commercial applications delivered from virtual and private cloud infrastructure. According to the report, successful exploitation of this flaw would allow threat actors to gain full control of the target system.

Below is a brief overview of the reported flaw, in addition to its identification key and score according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-3446: The presence of hard-coded credentials in Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS) would allow unauthenticated remote malicious actors to access the affected system.

According to cloud security course experts, successful exploitation of this flaw could compromise the vulnerable system altogether.

Vulnerable Cisco Wide Area Application Services versions are: 6.0(1), 6.1(1), 6.2(1), 6.2(3), 6.2(3a), 6.2(3b), 6.2(3c), 6.2(3e) 31, 6.2(3e) 40, 6.3(1), 6.4(1), 6.4(3d). This vulnerability affects Cisco ENCS 5400-W and CSP 5000-W series devices if they are running Cisco vWAAS with NFVIS-packaged image versions 6.4.5, or 6.4.3d and earlier.

This is considered a critical vulnerability and received a CVSS score of 8.5/10.

While cloud security course specialists mention that the flaw can be exploited by remote threat actors over the Internet, no active exploitation attempts or malware related to the attack have been detected so far. Updates are ready, so administrators of affected deployments are encouraged to update as soon as possible.

Originally published at https://www.securitynewspaper.com on August 20, 2020.
