Cisco Releases Security Patches for Critical Flaws Affecting its Products
Security News, March 2021
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices.
Separately, the company also patched multiple flaws in Cisco Application Services Engine that could allow a remote attacker to access a privileged service or specific APIs, resulting in the ability to run containers or invoke host-level operations, and to learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."
Both flaws were the result of insufficient access controls for an API running in the Data Network, Cisco noted.
Lastly, Cisco fixed a vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches running NX-OS, the company's network operating system used in its Nexus-branded Ethernet switches.
Cisco said Nexus 3000 and Nexus 9000 switches running Cisco NX-OS Software Release 9.3(5) or Release 9.3(6) are vulnerable by default.
The patches come weeks after Cisco rectified as many as 44 flaws in its Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as a root user and even cause a denial-of-service condition.