Lucene search
+L

4 matches found

The Hacker News
The Hacker News
added 2021/02/26 8:11 a.m.63 views

Cisco Releases Security Patches for Critical Flaws Affecting its Products

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure ACI Multi-Site Orchestrator MSO that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. "An attacker could exploit this vulnerability by sending a crafted...

10CVSS1.6AI score0.14359EPSS
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2021/02/25 3:14 p.m.88 views

Multiple Unauthenticated Remote Code Control and Execution Vulnerabilities in Multiple Cisco Products

What’s up? On Feb. 24, 2021, Cisco released many patches for multiple products, three of which require immediate attention by organizations if they are running affected systems and operating system/software configurations. They are detailed below: Cisco ACI Multi-Site Orchestrator Application...

10CVSS1.2AI score0.14359EPSS
Exploits0
NVD
NVD
added 2021/02/24 8:15 p.m.19 views

CVE-2021-1388

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator MSO installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint...

10CVSS0.14359EPSS
Exploits0References1
CVE
CVE
added 2021/02/24 7:30 p.m.105 views

CVE-2021-1388

CVE-2021-1388 describes an authentication bypass in Cisco ACI Multi-Site Orchestrator (MSO) when deployed on the Application Services Engine. The root cause is improper token validation on a specific API endpoint, allowing an unauthenticated, remote attacker to obtain a token with administrator-l...

10CVSS9.6AI score0.14359EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder