Cisco Warns of Critical Auth-Bypass Security Flaw

A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication.
The flaw stems from improper token validation on an API endpoint in Cisco's ACI Multi-Site Orchestrator (MSO). "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.
The bug is rated critical because an attacker, without any authentication, could exploit it remotely merely by sending a crafted request to the affected API. Cisco said that ACI MSO versions running a 3.0 release of the software are affected.
Another critical flaw for Cisco exists in the Application Services Engine.
The flaw affects Cisco Application Services Engine Software releases 1.1(3d) and earlier.
In January, Cisco warned of a high-severity flaw in its smart Wi-Fi solution for retailers, which could allow a remote attacker to alter the password of any account user on affected systems.
News URL
https://threatpost.com/cisco-critical-security-flaw/164255/
Related news
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- Critical Cisco ISE bug can let attackers run commands as root
- Don't Overlook These 6 Critical Okta Security Configurations
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
- Juniper patches critical auth bypass in Session Smart routers
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals