Security News > 2021 > February > Cisco Warns of Critical Auth-Bypass Security Flaw
A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication.
The flaw stems from improper token validation on an API endpoint in Cisco's ACI MSO. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.
The glitch is considered critical because an attacker - without any authentication - could remotely could exploit it, merely by sending a crafted request to the affected API. Cisco said that ACI MSO versions running a 3.0 release of software are affected.
Another critical flaw for Cisco exists in the Application Services Engine.
The flaw affects Cisco Application Services Engine Software releases 1.1(3d) and earlier.
In January, Cisco warned of a high-severity flaw in its smart Wi-Fi solution for retailers, which could allow a remote attacker to alter the password of any account user on affected systems.
News URL
https://threatpost.com/cisco-critical-security-flaw/164255/
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)