A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. The vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit it by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in to the affected device as an administrator.
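The bug class described above (user input reaching an authentication script without complete validation) is shown here as an added example; it is not Cisco's code, and the page does not describe the real script. The `auth-helper` interface, its `--user` and `--privilege` options and the username policy are all assumptions made for illustration.

```python
import argparse
import re
import shlex

def script_parser():
    # Hypothetical back-end auth script interface (assumption, not NFVIS code).
    p = argparse.ArgumentParser(prog="auth-helper")
    p.add_argument("--user", required=True)
    p.add_argument("--privilege", default="operator")
    return p

def build_argv_weak(username):
    # Weak: the login field is interpolated into a command string and then
    # split, so whitespace inside the field creates extra argv elements.
    return shlex.split(f"--user {username}")

# Assumed policy: 1-32 chars, must not start with '-', no whitespace.
USERNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,31}")

def build_argv_hardened(username):
    # Validate against an allow-list before the value leaves the front end.
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("rejected username")
    # "--user=<value>" binds the value to its option as one argv element.
    return [f"--user={username}"]

def seen_by_script(argv):
    # What the hypothetical script would parse out of the argv it receives.
    ns = script_parser().parse_args(argv)
    return ns.user, ns.privilege

if __name__ == "__main__":
    constructed = "alice --privilege admin"   # constructed sample input
    print("weak     :", seen_by_script(build_argv_weak(constructed)))
    try:
        build_argv_hardened(constructed)
    except ValueError as exc:
        print("hardened :", exc)
    print("hardened :", seen_by_script(build_argv_hardened("alice")))
```

Rejections from the hardened path are worth logging on the front end, since a login field containing whitespace or a leading dash is a useful detection signal for this kind of request.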
Vulnerable Product |
---|
Cisco Enterprise NFV Infrastructure Software |
Plus: Other infosec news from this month
In brief Emails, chat logs, membership records, donor lists and other files siphoned from a far-right anti-government self-styled militia were leaked online on Monday, it appears. Some 5GB of data belonging to the Oath Keepers – at least four of whom have been indicted for and admitted their role in the January 6 storming of the US Capitol – was passed to the DDoSecrets Collective and shared online. The membership list contains accounts with 160 US government and military email addresses, th...