Cisco fixes critical authentication bypass bug in its enterprise software
Date:
Fri, 03 Sep 2021 16:04:53 +0000
Description:
The vulnerability was rated critical because it could be exploited remotely by anyone.
FULL STORY ======================================================================
Cisco has patched a critical authentication bypass bug in its Enterprise Network Function Virtualization Infrastructure Software (NFVIS) that could be exploited to allow a remote attacker to bypass authentication and log in as the device's administrator.
Tracked as CVE-2021-34746, the vulnerability was discovered in the NFVIS TACACS+ authentication, authorization and accounting (AAA) feature.
"This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request," Cisco shared in its advisory.
Cisco describes Enterprise NFVIS as Linux-based infrastructure software that helps businesses deploy virtualized network functions, such as a virtual router or a firewall, on supported Cisco devices.
Upgrade to mitigate
According to Cisco's advisory, the vulnerability only exists in Enterprise NFVIS release v4.5.1. Even on devices running this vulnerable version, the bug can be exploited only if the TACACS external authentication method has been enabled.
That said, the vulnerability can be exploited remotely by unauthenticated users, and proof-of-concept exploit code is publicly available, which together make it a major threat.
Cisco has stated that there are no workarounds to remove the attack vector exposed by this security flaw. Instead, the company urges all users to upgrade to Enterprise NFVIS release v4.6.1 or later, which ships with a fix for the vulnerability.
The company has meanwhile assured users that it isn't aware of any ongoing exploitation of the vulnerability in the wild.
======================================================================
Link to news story:
https://www.techradar.com/news/cisco-fixes-critical-authentication-bypass-bug-in-its-enterprise-software/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)