Cisco has issued a fix for a critical flaw in its software for optimizing WAN on virtual private cloud infrastructure. The flaw (CVE-2020-3446) has a critical-severity CVSS score of 9.8 out of 10. It exists because user accounts for accessing the software contain default passwords. An attacker could log in, via a default password, and thus potentially obtain administrator privileges. If exploited, an attacker would need to be able to connect to the NFVIS command line interface (CLI) on an affected device.
Source: https://threatpost.com/cisco-critical-flaw-patched-in-wan-software-solution/158485/