CVE-2020-3446
Published 2020-08-26
CVE-2020-3446: A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS…
Priority P2 · 64 · Critical 9.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.39% (68.9th percentile)
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_wide_area_application_services | — | — |
| cisco | csp_5228-w_firmware | — | — |
| cisco | csp_5228-w_firmware | — | — |
| cisco | csp_5436-w_firmware | — | — |
| cisco | csp_5436-w_firmware | — | — |
| cisco | encs_5406-w_firmware | — | — |
| cisco | encs_5406-w_firmware | — | — |
| cisco | encs_5408-w_firmware | — | — |
| cisco | encs_5408-w_firmware | — | — |
| cisco | encs_5412-w_firmware | — | — |
| cisco | encs_5412-w_firmware | — | — |
| cisco | vwaas_for_cisco_encs_5400-w_series_and_csp_5000-w_series_default_credentials | — | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated remote login attempts to the NFVIS CLI using default, static credentials on Cisco ENCS 5400-W Series and CSP 5000-W Series appliances
- Monitor for successful CLI authentication events on NFVIS-bundled vWAAS images, particularly from unexpected or external source IPs, as exploitation requires no prior authentication
- The vulnerability is specific to Cisco vWAAS with NFVIS-bundled images on ENCS 5400-W Series and CSP 5000-W Series appliances only; other vWAAS deployments are not affected
- No workarounds exist; the only remediation is applying the vendor-released software updates
- Two separate bug IDs are tracked for this vulnerability, suggesting it may affect multiple code branches or product lines within scope
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_cisco | — | 9.8 | CRITICAL | — |
GHSA
GHSA-7f6q-wx66-349m: A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for C
ghsa_unreviewed·2022-05-24
CVE-2020-3446 [HIGH] GHSA-7f6q-wx66-349m: A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for C
Cisco
Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
vendor_cisco·2020-08-19·CVSS 9.8
CVE-2020-3446 [CRITICAL] CWE-798 Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
Cisco
Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3446 Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
CVE-2020-3446: Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-08-26