CVE-2020-3446
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password. The vulnerability exists because the affected software has user accounts with default, static passwords. An attacker with access to the NFVIS CLI of an affected device could exploit this vulnerability by logging into the CLI. A successful exploit could allow the attacker to access the NFVIS CLI with administrator privileges.
EPSS 1.64% · 82.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | csp_5436-w_firmware | *, 6.4(3d) |
| cisco | encs_5412-w_firmware | 6.4(1), 6.4(3d) |
| cisco | encs_5408-w_firmware | 6.4(3d), * |
| cisco | csp_5228-w_firmware | 6.4(1), 6.4(3d) |
| cisco | encs_5406-w_firmware | 6.4(3d), 6.4(1) |
| Cisco | Cisco Wide Area Application Services (WAAS) | n/a |
Timeline
- Aug 20, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smart-priv-esca-nqwxXWBu advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcameras-rce-dos-uPyJYxN3 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-encsw-cspw-cred-hZzL29A7 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-3446 advisory