TTCSIRT-346.08.28.20: TT-CSIRT ADVISORY – Cisco Critical Flaw Patched in WAN Software Solution

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.

The flaw (CVE-2020-3446), which has a critical-severity CVSS score of 9.8 out of 10, exists because user accounts for accessing the software contain default passwords.

That means an attacker could log in, via a default password, and thus potentially obtain administrator privileges.

For further information and support, please visit the following link:
https://threatpost.com/cisco-critical-flaw-patched-in-wan-software-solution/158485/

If you have any queries or comments with regards to this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt