This security bulletin contains one high risk vulnerability.
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series. A remote unauthenticated attacker can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.Mitigation
Install updates from vendor's website.
This vulnerability affects Cisco ENCS 5400-W Series and CSP 5000-W Series appliances if they are running Cisco vWAAS with NFVIS-bundled image releases 6.4.5, or 6.4.3d and earlier.Vulnerable software versions
Cisco Wide Area Application Services: 6.0.1 - 6.4.3dFixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?