Cisco has disclosed a critical flaw affecting its ENCS 5400-W Series and CSP 5000-W Series appliances, which is due to their software containing user accounts with a default, static password.
During internal testing Cisco discovered its Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for the appliances have user accounts with the fixed password.
The default password means a remote attacker without credentials could log into the NFVIS command-line interface of a vulnerable device with administrator privileges.
Cisco has also posted two more high-severity advisories that can be addressed by installing software updates it recently made available.
Multiple vulnerabilities affect Cisco’s Video Surveillance 8000 Series IP Cameras and may allow an unauthenticated attacker in the same broadcast domain as the vulnerable camera to knock it offline.