Security News > 2021 > March > Cisco Releases Security Patches for Critical Flaws Affecting its Products
Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure Multi-Site Orchestrator that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices.
Separately, the company also patched multiple flaws in Cisco Application Services Engine that could grant a remote attacker to access a privileged service or specific APIs, resulting in capabilities to run containers or invoke host-level operations, and learn "Device-specific information, create tech support files in an isolated volume, and make limited configuration changes."
Both the flaws were a result of insufficient access controls for an API running in the Data Network, Cisco noted.
Lastly, Cisco fixed a vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches running NX-OS, the company's network operating system used in its Nexus-branded Ethernet switches.
Cisco said Nexus 3000 and Nexus 9000 switches running Cisco NX-OS Software Release 9.3(5) or Release 9.3(6) are vulnerable by default.
The patches come weeks after Cisco rectified as many as 44 flaws in its Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as a root user and even cause a denial-of-service condition.
News URL
Related news
- Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (source)
- Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (source)
- Cisco creates architecture to improve security and sell you new switches (source)
- Governments issue alerts after 'sophisticated' state-backed actor found exploiting flaws in Cisco security boxes (source)
- 73% of SME security pros missed or ignored critical alerts (source)
- 10 Critical Endpoint Security Tips You Should Know (source)
- DHS establishes AI Safety and Security Board to protect critical infrastructure (source)
- U.S. Government Releases New AI Security Guidelines for Critical Infrastructure (source)