Cisco fixes maximum severity MSO auth bypass vulnerability
2021-02-24 21:03

Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine.

"A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device," Cisco explained.

Unauthenticated attackers may bypass authentication remotely on affected devices by sending a crafted request that exploits the improper token validation bug affecting the Cisco ACI MSO API endpoint.

The vulnerability impacts only Cisco ACI MSO 3.0 versions, and only when deployed on a Cisco Application Services Engine unified application hosting platform.

Today, Cisco also addressed a critical severity unauthorized access vulnerability in the Cisco Application Services Engine.

The company also patched five more security vulnerabilities affecting Cisco FXOS Software, Cisco NX-OS Software, and Cisco UCS Software, with severity ratings ranging from high to critical.


News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-maximum-severity-mso-auth-bypass-vulnerability/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4416 230 3060 1826 600 5716