Cisco Nexus 9000 Information Disclosure (CVE-2023-20185)

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...

CVE-2023-20185

A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...

Vulnerability discovered in Cisco ACI Multi-Site CloudSec Encryption

Cisco has discovered in internal testing that the encryption as used with ACI Multi-Site CloudSec is not sufficient to provide adequate protection in the event of a man-in-the-middle attack. A malicious party capable of tapping the encrypted traffic between two ACI sites, and has sufficient...

CVE-2022-20921

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator MSO could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sendi...

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates for vulnerabilities affecting ACI Multi-Site Orchestrator, FXOS, and NX-OS software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Securi...

Vulnerability fixed in Cisco ACI Multi-Site Orchestrator

Cisco has fixed a vulnerability in ACI Multi-Site Orchestrator. An authenticated malicious party can exploit the exploit the vulnerability to grant itself elevated privileges and execute commands under Administrator privileges. Cisco has released updates to fix the vulnerability in ACI Multi-Site...

Cisco Application Policy Infrastructure Controller Elevation of Privilege Vulnerability (CNVD-2021-68724)

Cisco Application Policy Infrastructure Controller APIC is an automated infrastructure deployment and governance solution from Cisco USA.Cisco Application Policy Infrastructure An elevation of privilege vulnerability exists in the API endpoint of the Controller, which can be exploited by an...

CVE-2021-1578 Cisco Application Policy Infrastructure Controller Privilege Escalation Vulnerability

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Application Policy Infrastructure Controller Cloud APIC could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is d...

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass (cisco-sa-mso-authbyp-bb5GmBQv)

According to its self-reported version, a vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper tok...

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

CVE-2021-1388 Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...