A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. Cisco fixed three critical flaws this week.
The vulnerabilities exist in Cisco’s ACI Multi-Site Orchestrator (ACI MSO), Cisco’s management software for businesses, which allows them to monitor the health of all interconnected policy-management sites.
The flaw originates from improper token validation on an API endpoint in Cisco’s ACI MSO. An attacker could exploit this vulnerability by sending a crafted request to the affected API.
A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.
Critical Vulnerability - CVE-2021-1388 - Easily Exploitable
The vulnerability ranks 10 (out of 10) on the CVSS vulnerability-rating scale. The glitch is considered critical…