VDB
CVE-2021-34746
CVE-2021-34746
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.
EPSS 7.62% · 92.0th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
7.62%
92.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | N/A | |
| Cisco | Cisco Enterprise NFV Infrastructure Software | n/a |
| cisco | enterprise_nfv_infrastructure_software | 0 |
Exploit Intelligence
Timeline
- Sep 2, 2021 EPSS Score
- Sep 2, 2021 CVE Published
- Oct 30, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 22, 2022 EPSS Score
- Jun 19, 2022 EPSS Score
- Oct 14, 2022 EPSS Score
- Dec 10, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score