4 matches found
Cisco Releases Security Patches for Critical Flaws Affecting its Products
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure ACI Multi-Site Orchestrator MSO that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted...
Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products
What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...
CVE-2021-1388
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...
CVE-2021-1388
CVE-2021-1388 describes an authentication bypass in Cisco ACI Multi-Site Orchestrator (MSO) when deployed on the Application Services Engine. The root cause is improper token validation on a specific API endpoint, allowing an unauthenticated, remote attacker to obtain a token with administrator-l...