Security News > 2021 > August > Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system.
" A successful exploit could allow the attacker to read or write arbitrary files on an affected device," the company said in an advisory.
The APIC appliance is a centralized, clustered controller that programmatically automates network provisioning and control based on the application requirements and policies across physical and virtual environments.
Cisco said it discovered the vulnerability during internal security testing by the Cisco Advanced Security Initiatives Group.
The network equipment major said it concluded its investigation into a new BadAlloc flaw in BlackBerry's QNX real-time operating system, reported on August 17 by the Canadian company.
"Cisco has completed its investigation into its product line to determine which products may be affected by this vulnerability. No products are known to be affected," it noted.
News URL
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)