1. Home
  2. CVE Database
  3. CVE-2020-3446
CRITICAL · 9.8

CVE-2020-3446

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appl...

Vulnerability Description

A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoEncs 5406-W Firmware6.4\(1\)
CiscoEncs 5406-W-
CiscoEncs 5408-W Firmware6.4\(1\)
CiscoEncs 5408-W-
CiscoEncs 5412-W Firmware6.4\(1\)
CiscoEncs 5412-W-
CiscoCsp 5228-W Firmware6.4\(1\)
CiscoCsp 5228-W-
CiscoCsp 5436-W Firmware6.4\(1\)
CiscoCsp 5436-W-

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2020-3446?

CVE-2020-3446 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appl...

How severe is CVE-2020-3446?

CVE-2020-3446 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-3446?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Encs 5406-W Firmware, Cisco Encs 5406-W, Cisco Encs 5408-W Firmware, Cisco Encs 5408-W, Cisco Encs 5412-W Firmware.