The vulnerability allows a remote attacker to access the Virtual Network Computing (VNC) console session of an administrative user on an affected device.
The vulnerability exists due to an insufficient authentication mechanism used to establish a VNC session. A remote attacker can intercept an administrator VNC session request prior to login, watch the administrator console session or interact with it and gain admin access to the affected device.
Install updates from vendor's website.
Vulnerable software versions
Enterprise NFV Infrastructure Software: before 3.12.1