CVE-2020-3446

Name of the Vulnerable Software and Affected Versions: Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances (affected versions not specified)

Description: A vulnerability exists due to user accounts having default, static passwords. This could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device. A successful exploit could grant the attacker access to the NFVIS CLI with administrator privileges.

Recommendations: For Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances, consider changing the default, static passwords of user accounts to prevent unauthorized access. As a temporary workaround, restrict access to the NFVIS CLI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.