CISA released a note this week urging IT teams to update a Cisco system that has a critical vulnerability.
The vulnerability affects Cisco Enterprise Network Function Virtualization Infrastructure Software Release (NFVIS) 4.5.1, and Cisco released software updates that address the vulnerability on Wednesday.
The vulnerability “could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator,” according to Cisco.
The vulnerability is in the TACACS+ authentication, authorization and accounting (AAA) feature of NFVIS.
“This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and login as an administrator to the affected device,” Cisco said.
“There are no workarounds that address this vulnerability. To determine if a TACACS external authentication feature is enabled on a device, use the
The article CISA urges IT teams to address critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software originally appeared on ZDNet.