Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges.
The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged in virtual private cloud infrastructure. The flaw (CVE-2020-3446), which has a critical-severity CVSS score of 9.8 out of 10, exists because user accounts for accessing the software contain default passwords. That means an attacker could log in, via a default password, and thus potentially obtain administrator privileges.
“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” according to Cisco’s Wednesday advisory.
vWAAS is hosted in compute appliances called Cisco Enterprise Network Compute Series (ENCS). These appliances are also used to deploy the Cisco Enterprise NFV Infrastructure Software (NFVIS), a software platform that implements full lifecycle management from the central orchestrator and controller for virtualized services.
This vulnerability specifically affects Cisco ENCS 5400-W Series and CSP 5000-W Series appliances if they are running Cisco vWAAS with NFVIS-bundled image releases 6.4.5, or 6.4.3d and earlier. The flaw is fixed in Cisco vWAAS with NFVIS-bundled image release 6.4.3e, 6.4.5a, and later releases.
While an attacker could be unauthenticated and remote, in order to exploit this vulnerability, they would need to be able to connect to the NFVIS command line interface (CLI) on an affected device. This would require access to one of the following:
- The Ethernet management port for the CPU on an affected ENCS 5400-W Series appliance.
- The first port on the four-port I350 PCIe Ethernet Adapter card on an affected CSP 5000-W Series appliance.
- A connection to the vWAAS software CLI and a valid user credential to authenticate on the vWAAS CLI first.
- Or a connection to the Cisco Integrated Management Controller (CIMC) interface of the ENCS 5400-W Series or CSP 5000-W Series appliance (and a valid user credential to authenticate to the CIMC first).
Cisco on Wednesday also issued patches for two high-severity vulnerabilities (CVE-2020-3506, CVE-2020-3507) in its Video Surveillance 8000 Series IP cameras, which could enable remote code execution and denial of services (DoS).
“Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP camera,” according to Cisco.
And, a high-severity flaw (CVE-2020-3443) found and fixed in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and execute commands with higher privileges.
It’s the age of remote working, and businesses are facing new and bigger cyber-risks – whether it’s collaboration platforms in the crosshairs, evolving insider threats or issues with locking down a much broader footprint. Find out how to address these new cybersecurity realities with our complimentary Threatpost eBook, 2020 in Security: Four Stories from the New Threat Landscape, presented in conjunction with Forcepoint. We redefine “secure” in a work-from-home world and offer compelling real-world best practices. Click here to download our eBook now.