Security News > 2021 > February > Cisco Warns of Critical Auth-Bypass Security Flaw
A critical vulnerability in Cisco Systems' intersite policy manager software could allow a remote attacker to bypass authentication.
The flaw stems from improper token validation on an API endpoint in Cisco's ACI MSO. "A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller devices," said Cisco on Wednesday.
The glitch is considered critical because an attacker - without any authentication - could remotely could exploit it, merely by sending a crafted request to the affected API. Cisco said that ACI MSO versions running a 3.0 release of software are affected.
Another critical flaw for Cisco exists in the Application Services Engine.
The flaw affects Cisco Application Services Engine Software releases 1.1(3d) and earlier.
In January, Cisco warned of a high-severity flaw in its smart Wi-Fi solution for retailers, which could allow a remote attacker to alter the password of any account user on affected systems.
News URL
https://threatpost.com/cisco-critical-security-flaw/164255/
Related news
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Snowblind malware abuses Android security feature to bypass security (source)
- Hackers target new MOVEit Transfer critical auth bypass bug (source)
- Juniper Networks Releases Critical Security Update for Routers (source)
- Critical Exim bug bypasses security filters on 1.5 million mail servers (source)
- Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager (source)