Critical Flaw in Cisco Systems Could Allow Attackers to Bypass Authentication
One of three critical flaws fixed by Cisco this week, the flaw exists in Cisco Systems’ intersite policy manager software and could allow a remote attacker to bypass authentication. Cisco’s ACI Multi-Site Orchestrator (ACI MSO) is Cisco’s manager software for businesses, which allows them to monitor the health of all interconnected policy-management sites. The flaw stems from improper token validation on an API endpoint in Cisco’s ACI MSO.
In their release, Cisco states “A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.”
The vulnerability (CVE-2021-1388) ranks 10 (out of 10) on the CVSS vulnerability-rating scale. The glitch is considered critical because an attacker, without any authentication, could remotely exploit it, merely by sending a crafted request to the affected API.
Cisco said that ACI MSO versions running a 3.0 release of software are affected. However, they would have to be deployed on a Cisco Application Services Engine, which is the company’s unified application hosting platform for deploying data-center applications. ACI MSO can either be deployed as a cluster in Cisco Application Services Engine or deployed in nodes as virtual machines on a hypervisor.
Cisco said it’s not aware of any public exploits or “malicious use” of the vulnerability thus far.
Further Reading: