Cisco Critical Flaw Patched in WAN Software Solution


Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges.

The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged in virtual private cloud infrastructure. The flaw (CVE-2020-3446), which has a critical-severity CVSS score of 9.8 out of 10, exists because user accounts for accessing the software contain default passwords. That means an attacker could log in, via a default password, and thus potentially obtain administrator privileges.

Read more…
Source: ThreatPost