A high-severity Cisco bug has been made public, and Cisco released a patch this week. This is a maximum-security vulnerability and would allow a malicious actor to change any user or admin password. It has been given a CVSS rating of 10, which is the highest score possible. The public details about the bug have been kept to a minimum as a result of the bug’s severity. Cisco stated that “an attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device.”  

Read more: https://www.darkreading.com/vulnerabilities-threats/high-severity-cisco-bug-grants-attackers-password-access