{"id":8508,"date":"2021-10-26T18:10:30","date_gmt":"2021-10-27T01:10:30","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8508"},"modified":"2023-03-03T14:11:05","modified_gmt":"2023-03-03T21:11:05","slug":"september-cisco-patches-54-security-vulnerabilities","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/september-cisco-patches-54-security-vulnerabilities\/","title":{"rendered":"September 2021: Cisco Patches 54 Security Vulnerabilities"},"content":{"rendered":"
Cisco Systems released security patches to address 54 unique vulnerabilities in September, with severity ratings of critical, high, and medium. We analyzed these weaknesses and spotlighted the most important vulnerabilities that ought to be fixed as a priority.<\/p>\n
<\/p>\n
The 54 vulnerabilities that were patched in September include –<\/p>\n
2 CVEs classified as Remote Code Execution bugs<\/p>\n<\/li>\n
4 CVEs have Privilege Escalation capabilities<\/p>\n<\/li>\n
15 CVEs with Denial of Service<\/p>\n<\/li>\n
5 CVEs are Information Disclosure<\/p>\n<\/li>\n
2 CVEs are linked to Cross-Site Scripting.<\/p>\n<\/li>\n<\/ul>\n
Among these patched vulnerabilities, CVE-2021-34746 has been publicly disclosed.<\/p>\n
<\/p>\n
Cisco disclosed a zero-day bug that received a security update this September.<\/p>\n
The security issue tracked as CVE-2021-34746 affects Terminal Access Controller Access-Control System Plus (TACACS+) authentication, authorization, and accounting (AAA) of Cisco’s Enterprise NFV Infrastructure Software, a solution designed to aid the virtualization of network services so that virtual network functions (VNFs) are managed easily.<\/p>\n
CVE-2021-34746 is caused by insufficient validation of user-supplied input given to an authentication script during the sign-in process. It allows unauthenticated, remote attackers to log in as an administrator on an unpatched device.<\/p>\n
This CVE has a CVSS score of 9.8 (critical) and is categorized under CWE-289 (Authentication Bypass by Alternate Name<\/a>).<\/p>\n A patch is now available for this authentication bypass vulnerability, which is fixed in Cisco Enterprise NFVIS releases 4.6.1 and later.<\/p>\n <\/p>\n <\/p>\nSeverity Scores<\/strong><\/h2>\n
CWE Analysis<\/strong><\/h2>\n