CVE-2020-3446
published 2020-08-26

CVE-2020-3446: A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS…

Priority: P264 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.39% (68.9th percentile)
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.

Affected

12 ranges
Vendor | Product | Version range | Fixed in
cisco | cisco_wide_area_application_services | |
cisco | csp_5228-w_firmware | |
cisco | csp_5228-w_firmware | |
cisco | csp_5436-w_firmware | |
cisco | csp_5436-w_firmware | |
cisco | encs_5406-w_firmware | |
cisco | encs_5406-w_firmware | |
cisco | encs_5408-w_firmware | |
cisco | encs_5408-w_firmware | |
cisco | encs_5412-w_firmware | |
cisco | encs_5412-w_firmware | |
cisco | vwaas_for_cisco_encs_5400-w_series_and_csp_5000-w_series_default_credentials | |

Detection & IOCs (extracted from sources)

  • Detect unauthenticated remote login attempts to the NFVIS CLI using default, static credentials on Cisco ENCS 5400-W Series and CSP 5000-W Series appliances
  • Monitor for successful CLI authentication events on NFVIS-bundled vWAAS images, particularly from unexpected or external source IPs, as exploitation requires no prior authentication
  • The vulnerability is specific to Cisco vWAAS with NFVIS-bundled images on ENCS 5400-W Series and CSP 5000-W Series appliances only; other vWAAS deployments are not affected
  • No workarounds exist; the only remediation is applying the vendor-released software updates
  • Two separate bug IDs are tracked for this vulnerability, suggesting it may affect multiple code branches or product lines within scope

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco | 9.8 | CRITICAL