WARNING: Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability (system privileges) - PoC available
CVE-2021-34746 CVSS: 9.8
Sources
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
Risks
Cisco reports that proof-of-concept (PoC) exploit code is available.
There are no reports of active exploitation. However, the availability of working PoC exploit code is an indicator that threat actors could leverage this vulnerability soon.
The Centre for Cyber Security Belgium (CCB) urges system administrators to patch vulnerable Cisco Enterprise NFV Infrastructure Software (NFVIS) to version 4.6.1 and later if the TACACS external authentication feature is configured.
NFVIS deployments are impacted by this vulnerability only if the TACACS external authentication method is configured on a targeted device. This can be determined by running the "show running-config tacacs-server" command in the CLI (Command Line Interface) or via the Graphical User Interface (GUI). NFVIS deployments that use RADIUS or local authentication as the authentication method are not affected.
Description
Recommended Actions
- The CCB advises administrators to assess whether the TACACS external authentication feature is enabled on a device by using the "show running-config tacacs-server" command or via the Graphical User Interface (GUI).
- The CCB recommends that all system administrators upgrade vulnerable devices to the latest versions released by the vendor.
- The CCB advises organizations to upscale monitoring and detection capabilities to detect any related suspicious activity and to ensure a fast response in case of an intrusion.
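The first two actions can be applied across a fleet with a small triage script. The following is an added example, not part of the CCB or Cisco advisory: the record layout, the status names, the sample inventory and the assumption that a configured server appears as a line starting with "tacacs-server host" are all hypothetical, and every release below 4.6.1 is treated as potentially vulnerable, which should be confirmed against the vendor advisory.

```python
import re

FIXED = (4, 6, 1)  # fixed NFVIS release named in the advisory

def parse_version(text):
    """Leading dotted-numeric part of a version string as a tuple, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def tacacs_configured(cli_output):
    """True if saved 'show running-config tacacs-server' output lists a server.

    Assumption: each configured server starts a line with 'tacacs-server host'.
    """
    return any(line.strip().startswith("tacacs-server host")
               for line in cli_output.splitlines())

def triage(device):
    """Classify one inventory record (dict with 'version' and 'tacacs_output')."""
    version = parse_version(device.get("version"))
    output = device.get("tacacs_output")
    if version is None:
        return "UNKNOWN"         # no usable version: check the device by hand
    if version >= FIXED:         # tuple comparison, so 4.10.0 sorts after 4.6.1
        return "FIXED_RELEASE"
    if output is None:
        return "UNKNOWN"         # command output was never collected
    # Assumption: every release below 4.6.1 is treated as potentially vulnerable.
    return "UPGRADE" if tacacs_configured(output) else "NOT_AFFECTED"

# Constructed inventory: hostnames, versions and CLI output are made up.
INVENTORY = [
    {"host": "nfvis-a", "version": "4.5.1-FC2",
     "tacacs_output": "tacacs-server host 192.0.2.10\n key 0\n admin-priv 15\n!"},
    {"host": "nfvis-b", "version": "4.5.1", "tacacs_output": "% No entries found."},
    {"host": "nfvis-c", "version": "4.6.1",
     "tacacs_output": "tacacs-server host 192.0.2.10"},
    {"host": "nfvis-d", "version": "4.4.2", "tacacs_output": None},
]

def report(inventory):
    """Map each host name to its triage status."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as UNKNOWN need the command output or version collected before they can be cleared.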
References
Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available (thehackernews.com)