Cisco addressed a critical default credentials vulnerability (CVE-2020-3446) affecting some configurations of its ENCS 5400-W and CSP 5000-W series appliances. Experts revealed that the virtual WAAS (vWAAS) with Enterprise NFV Infrastructure Software (NFVIS)-bundled images for the appliances includes a default, static password. The vulnerability, rated as critical, has received a CVSS Score of 9.8.8. The issue can be exploited by an attacker who can connect to the targeted devices NFVIS CLI.”]
Source: https://securityaffairs.co/wordpress/107354/security/cisco-cve-2020-3446-default-credentials.html

