A critical vulnerability in a Cisco product designed to help service providers and enterprises deploy virtualized networks can allow unauthenticated actors to bypass authentication.
The security flaw, which was assigned a near-maximum CVSS score of 9.8, is present in the TACACS+ authentication, authorization, and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS).
Cisco Enterprise NFVIS “helps dynamically deploy virtualized network functions” such as a virtual router, firewall, and WAN acceleration, on a supported Cisco device.
The critical vulnerability, which was found by Cyrille Chatras of Orange Group, can enable a remote, unauthenticated attacker to bypass authentication checks and log in as an administrator on an affected device.
Patch immediately
A security advisory from Cisco explains that the vulnerability is present due to incomplete validation of user-supplied input that is passed to an authentication script.
“An attacker could exploit this vulnerability by injecting parameters into an authentication request,” it reads, bypassing such request and logging into the device.
The vulnerability affects Cisco Enterprise NFVIS Release 4.5.1 if the TACACS external authentication method is configured.
Cisco is urging users to updated to the latest version as soon as possible to protect against the issue, as a proof-of-concept exploit has allegedly already been made public.
