Cisco has addressed a near-maximum severity authentication bypass vulnerability in its Enterprise NFV Infrastructure Software (NFVIS). Proof-of-concept (PoC) exploit code is publicly available, which makes it more urgent for organizations to apply the patch. The bug, tracked as CVE-2021-34746, was found in the TACACS+ authentication, authorization, and accounting (AAA) feature of Cisco’s Enterprise NFV Infrastructure Software. The software is designed to help virtualize network services for easier management of virtual network functions. CVE-2021-34746 is caused by incomplete validation of user-supplied input passed to an authentication script during the sign-in process, which allows unauthenticated, remote attackers to log into an unpatched device as an administrator.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in