CVE-2021-34746

CWE-289CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICAL
EPSS
3.6%
top 12.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Enterprise NFV Infrastructure SoftwareCisco Cisco Enterprise NFV Infrastructure Software
Timeline
PublishedSep 2
Latest updateMay 24

Description

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A succes

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-hjrv-6xv3-c6x3: A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) coul2022-05-24
CVEList
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability2021-09-02

📋Vendor Advisories

1
Cisco
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability2021-09-01
CVE-2021-34746 (CRITICAL CVSS 9.8) | A vulnerability in the TACACS+ auth | cvebase.io