CVE-2020-3180

Name of the Vulnerable Software and Affected Versions Cisco SD-WAN Solution Software (affected versions not specified)

Description The issue is related to the use of hardcoded credentials in the Cisco SD-WAN solution. An unauthenticated, local attacker could access an affected device by using an account with a default, static password that has root privileges. This could allow the attacker to log in with root privileges.

Recommendations For all affected versions, consider changing the default, static password of the affected account to a strong, unique password to prevent unauthorized access. As a temporary workaround, restrict access to the account with root privileges until a more permanent solution is available. Avoid using default or static passwords for any accounts, especially those with elevated privileges, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.