The CVE is for a software vulnerability. Network admins who have deployed tacquito (or versions of tacquito) in their production environments and use tacquito to perform command authorization for network devices should be impacted.