CVE-2025-8077

NeuVector · NeuVector

A critical vulnerability exists in NeuVector, a container security platform, due to the use of a hardcoded, default password for the administrative account.

Executive summary

A critical vulnerability exists in NeuVector, a container security platform, due to the use of a hardcoded, default password for the administrative account. An attacker who knows this password can gain complete control over the platform, allowing them to disable security policies, access sensitive data, and compromise the entire containerized environment. This presents a severe risk of data breach and operational disruption.

Vulnerability

The vulnerability lies in the use of a static, non-random default password for the built-in admin user account. An unauthenticated, remote attacker can exploit this by simply attempting to log in to the NeuVector management interface with the admin username and the known default password. A successful login grants the attacker the highest level of administrative privileges within the NeuVector platform.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, reflecting the ease of exploitation and the potential for complete system compromise. An attacker with administrative access can dismantle the organization's container security posture by modifying or deleting security policies, whitelisting malicious activity, and disabling runtime protections. This could lead to a catastrophic data breach, service outages, regulatory fines, and significant reputational damage. The compromised NeuVector instance could also serve as a pivot point for further attacks into the broader cloud and on-premise infrastructure.

Remediation

Immediate Action: Update affected NeuVector instances to a version later than 5.4.5 as recommended by the vendor. If an immediate update is not possible, the highest priority action is to change the default password for the built-in admin account immediately. After taking action, monitor for any further exploitation attempts and review historical access logs for signs of a prior compromise.

Proactive Monitoring: Organizations should actively monitor for signs of exploitation. This includes reviewing authentication logs for successful logins using the admin account, especially from unknown or suspicious IP addresses. Monitor for unusual or unauthorized configuration changes, such as modifications to security policies, admission control rules, or user accounts.
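The log review described above, as an added example that is not part of the original advisory and not NeuVector's own tooling: it scans authentication and audit events for successful `admin` logins (flagging those from outside trusted networks), bursts of failed logins against one account, and changes to security-sensitive objects. The JSON-lines field names (`ts`, `event`, `user`, `src_ip`, `result`, `object`, `action`), the sample records, and the trusted network ranges are all constructed for this example and are assumptions, not NeuVector's real log schema.

```python
"""Review NeuVector-style auth/audit events for misuse of the built-in admin account.

Added example; the log format and sample records below are constructed and
hypothetical, NOT NeuVector's real log schema.
"""
import ipaddress
import json
from collections import Counter

# Constructed sample events (hypothetical JSON-lines format).
SAMPLE_LOG_LINES = [
    '{"ts": "2025-08-01T09:00:01Z", "event": "login", "user": "admin", "src_ip": "10.0.5.20", "result": "success"}',
    '{"ts": "2025-08-01T09:05:00Z", "event": "login", "user": "admin", "src_ip": "203.0.113.45", "result": "failure"}',
    '{"ts": "2025-08-01T09:05:02Z", "event": "login", "user": "admin", "src_ip": "203.0.113.45", "result": "success"}',
    '{"ts": "2025-08-01T09:06:10Z", "event": "config_change", "user": "admin", "src_ip": "203.0.113.45", "object": "policy", "action": "delete"}',
    '{"ts": "2025-08-01T09:06:30Z", "event": "config_change", "user": "admin", "src_ip": "203.0.113.45", "object": "admission_rule", "action": "disable"}',
    '{"ts": "2025-08-01T10:00:00Z", "event": "login", "user": "alice", "src_ip": "10.0.5.21", "result": "success"}',
    '{"ts": "2025-08-01T10:01:00Z", "event": "config_change", "user": "alice", "src_ip": "10.0.5.21", "object": "user", "action": "create"}',
]

# Networks from which administrative access is expected (assumption for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

# Object types whose modification weakens the security posture (policies, admission
# control rules, user accounts), as listed in the advisory's monitoring guidance.
SENSITIVE_OBJECTS = {"policy", "admission_rule", "user"}


def is_trusted(src_ip, networks=TRUSTED_NETWORKS):
    """True if src_ip falls inside one of the trusted administrative networks."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False  # unparsable address is treated as untrusted
    return any(addr in net for net in networks)


def parse_events(lines):
    """Parse JSON-lines records, skipping blank or malformed lines instead of aborting."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def review_events(lines, networks=TRUSTED_NETWORKS, failure_threshold=3):
    """Return a list of findings, each a dict with severity, ts, reason, user, src_ip."""
    findings = []
    failures = Counter()  # (user, src_ip) -> consecutive failed logins seen

    for ev in parse_events(lines):
        user, ip, ts = ev.get("user"), ev.get("src_ip", ""), ev.get("ts")
        trusted = is_trusted(ip, networks)

        if ev.get("event") == "login":
            if ev.get("result") == "failure":
                failures[(user, ip)] += 1
                if failures[(user, ip)] == failure_threshold:
                    findings.append({"severity": "medium", "ts": ts, "user": user, "src_ip": ip,
                                     "reason": f"{failure_threshold} failed logins (credential guessing?)"})
            elif ev.get("result") == "success" and user == "admin":
                # Every successful built-in admin login is worth a look; from outside
                # trusted space it is the advisory's top indicator.
                findings.append({"severity": "info" if trusted else "high", "ts": ts,
                                 "user": user, "src_ip": ip,
                                 "reason": "admin login" + ("" if trusted else " from untrusted address")})

        elif ev.get("event") == "config_change" and ev.get("object") in SENSITIVE_OBJECTS:
            findings.append({"severity": "medium" if trusted else "high", "ts": ts,
                             "user": user, "src_ip": ip,
                             "reason": f"{ev.get('action')} on {ev.get('object')}"})
    return findings


def severity_counts(findings):
    """Summarise findings by severity for a quick triage view."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    for f in review_events(SAMPLE_LOG_LINES):
        print(f"[{f['severity']:6}] {f['ts']} {f['user']}@{f['src_ip']}: {f['reason']}")
    print(dict(severity_counts(review_events(SAMPLE_LOG_LINES))))
```

On the constructed sample the review surfaces the sequence the advisory warns about: a successful `admin` login from an address outside the trusted ranges, immediately followed by a policy deletion and an admission rule being disabled. Feed it a real export by replacing `SAMPLE_LOG_LINES` with lines from the audit source after mapping that source's field names onto the ones used here.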

Compensating Controls: If patching cannot be performed immediately, implement the following controls:

  • Change Default Password: Immediately change the password for the admin account to a strong, unique value.
  • Network Segmentation: Restrict access to the NeuVector management interface to trusted internal networks and authorized administrative personnel only.
  • Identity and Access Management (IAM): Integrate NeuVector with a centralized identity provider (e.g., LDAP, SAML) and disable or limit the use of local built-in accounts.
  • Multi-Factor Authentication (MFA): Enforce MFA for all administrative accounts where supported.

Exploitation status

Public Exploit Available: true

Analyst recommendation

Given the critical CVSS score of 9.8 and the trivial nature of exploitation, this vulnerability requires immediate attention. We strongly recommend that all affected NeuVector instances be patched or have their default administrative passwords changed without delay. Although this CVE is not currently on the CISA KEV list, its characteristics make it a prime candidate for future inclusion. Organizations should assume their systems are being actively targeted and perform a thorough audit of access logs to identify any unauthorized activity that may have occurred prior to remediation.