CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2021-1388

CVSS 10.0v3.1pub. 2021-02-24upd. 2024-11-21

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Aci Multi Site Orchestrator

    APP
    Cisco
    3.0 – 3.0\(3m\) (bez)
  • Cisco Application Policy Infrastructure Controller

    APP
    Cisco
    3.0\(3i\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-1577CRITICAL9.1ten sam produkt

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Clou...

CVE-2021-1393CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker ...

CVE-2021-1396CRITICAL9.8ten sam produkt

Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker ...

CVE-2023-20011HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (A...

CVE-2022-20921HIGH8.8ten sam produkt

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authentica...