Cisco fixes three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS

February 25, 2021 - SecurityAffairs

Cisco addressed over a dozen vulnerabilities in its products, including three critical bugs in ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software.

Cisco released security updates to address over a dozen vulnerabilities affecting multiple products, including three critical flaws impacting its ACI Multi-Site Orchestrator, Application Services Engine, and NX-OS software.

The most severe vulnerability addressed by the IT giant, tracked as CVE-2021-1388, is a remote authentication bypass issue that affects an API endpoint of the ACI Multi-Site Orchestrator (MSO). The vulnerability received a CVSS score of 10.

“A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device,” reads the advisory published by Cisco.

“The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.”

The flaw is caused by improper validation of tokens. An attacker could trigger the issue by sending crafted requests to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO devices.

This flaw affects Cisco ACI Multi-Site Orchestrator (MSO) running software version 3.0 only when deployed on a Cisco Application Services Engine.

Cisco also addressed two unauthorized access vulnerabilities, tracked as CVE-2021-1393 and CVE-2021-1396, that affect the Application Services Engine. The more severe of the two is CVE-2021-1393, which received a CVSS score of 9.8.

“Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes,” reads the advisory.

The issues affect only Application Services Engine release 1.1.

Another critical flaw fixed by Cisco is CVE-2021-1361, which affects NX-OS running on Nexus 3000 and Nexus 9000 series switches. The flaw received a CVSS score of 9.8; it could be exploited remotely, without authentication, to manipulate arbitrary files with root privileges.

“A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device,” reads the advisory.

“A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration. For example, the attacker could add a user account without the device administrator knowing.”

The flaw affects Nexus 3000 series switches and Nexus 9000 series switches, in standalone NX-OS mode, running NX-OS software release 9.3(5) or release 9.3(6).

The good news is that Cisco is not aware of attacks in the wild exploiting these vulnerabilities.

The full list of flaws addressed by the tech company is available on Cisco’s security portal.


Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)



Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years of experience in the field, and he is a Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog “Security Affairs”, recently named a Top National Security Resource for the US. Pierluigi is a member of “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other security magazines. He is the author of the books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
