News

Cisco warns of vulnerability via default password on ENCS and CSP router

By admin
Spread the love

Cisco has warned owners of the ENCS 5400-W and CSP 5000-W series network equipment of a bug where attackers can use a default password. That password cannot be changed, so there must be a software update.

Specifically, it concerns a vulnerability in Cisco’s virtualization software Enterprise NFV Infrastructure Software in Virtual Wide Area Application Services, or vWAAS, on the ENCS 5400-W and CSP 5000-W. According to Cisco, those devices contain user accounts with a default password. An attacker who can access the command line interface of the NFV Infrastructure software can easily log in with admin rights to the devices with such an account.

There are several options for getting into the command line, says Cisco. For example, it may be that Ethernet management is open to the outside, or an attacker can first establish a connection with the Integrated Management Controller.

Cisco writes that there is currently no work-around for the problem. However, the company has released a patch. The vulnerability, CVE-2020-3446, occurs in versions 6.4.5 and 6.4.3d or older of the NFV software.

You might also like
News

Google is serious about ending passwords: ‘passkeys’ are becoming the…

News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Zeeland power grid is full, grid operator stops new requests from major consumers

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin