CVE-2021-34746— Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-34746
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software Authentication Bypass Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and log in to an affected device as an administrator. This vulnerability is due to incomplete validation of user-supplied input that is passed to an authentication script. An attacker could exploit this vulnerability by injecting parameters into an authentication request. A successful exploit could allow the attacker to bypass authentication and log in as an administrator to the affected device.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选名称进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Cisco Enterprise NFV Infrastructure Software 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Cisco Enterprise NFV Infrastructure Software(NFVIS)是美国思科(Cisco)公司的一套NVF基础架构软件平台。该平台可以通过中央协调器和控制器实现虚拟化服务的全生命周期管理。 Cisco Enterprise NFV Infrastructure Software 存在授权问题漏洞,该漏洞源于对传递给身份验证脚本的用户提供的输入的验证不完整。攻击者可以通过向身份验证请求中注入参数来绕过身份验证并以管理员身份登录受影响的设备。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Cisco Enterprise NFV Infrastructure Software | n/a | - |
II. Public POCs for CVE-2021-34746
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-34746
请登录查看更多情报信息。
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVhvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-34746
Same Patch Batch · Cisco · 2021-09-02 · 5 CVEs total
| CVE-2021-34732 | 6.1 MEDIUM | Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability |
| CVE-2021-34733 | 5.5 MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disc |
| CVE-2021-34759 | 4.8 MEDIUM | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2021-34765 | 4.3 MEDIUM | Cisco Nexus Insights Authenticated Information Disclosure Vulnerability |
IV. Related Vulnerabilities
Same product: Cisco Enterprise NFV Infrastructure Software
- CVE-2026-20090
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20089
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20088
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20087
Cisco Integrated Management Controller Cross-Site Scripting - CVE-2026-20096
Cisco Integrated Management Controller Command Injection Vul
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-289
- CVE-2026-3184
Util-linux: util-linux: access control bypass due to imprope - CVE-2026-32036
OpenClaw < 2026.2.26- Authentication Bypass via Encoded Dot- - CVE-2026-23903
Apache Shiro: Auth bypass when accessing static files only o - CVE-2026-24058
Soft Serve has Critical Authentication Bypass - CVE-2025-14777
Keycloak: keycloak idor in realm client creating/deleting
V. Comments for CVE-2021-34746
No comments yet