CISA introduced a notice this 7 days urging IT teams to update a Cisco program that has a important vulnerability.
The vulnerability impacts Cisco Organization Network Functionality Virtualization Infrastructure Software package Launch (NFVIS) 4.5.1, and Cisco produced program updates that deal with the vulnerability on Wednesday.
The vulnerability “could allow for an unauthenticated, distant attacker to bypass authentication and log in to an afflicted product as an administrator,” according to Cisco.
The vulnerability is in the TACACS+ authentication, authorization and accounting (AAA) aspect of NFVIS.
“This vulnerability is owing to incomplete validation of user-provided input that is handed to an