Cisco has addressed a maximum severity vulnerability in the API endpoint of their Cisco ACI Multi-Site Orchestrator (MSO). The flaw would allow a remote attacker to bypass authentication on the Application Services Engine and could allow an unauthenticated attacker access to the device. By sending a specifically crafted request to exploit the improper token validation bug affecting the ACI MSO API endpoint, and an attacker could be able to get an authentication token that would allow them access with “admin” level privileges. The vulnerability is tracked as CVE-2021-1388 and came with a severity score of ten out of ten. The vulnerability only affects Cisco API MSO 3.9 versions and only when deployed on a Cisco Applications Service Engine unified application hosting platform. Cisco has addressed this issue with a patch.
Analyst Notes
As with any product, administrators are advised to update to the most recent versions as soon as they come out to prevent vulnerabilities from being exploited. The most recent version is Cisco ACI MSO 3.0(3m) and addresses the critical vulnerability. Cisco stated that they are currently not aware of any active attacks that exploit this vulnerability. Now that the vulnerability is public, threat actors may begin to take advantage of it, so it is important to patch systems. Even if attackers do not target the vulnerability immediately, many threat actors will go back and try to use old vulnerabilities when attacking a company to prey on those who fail to patch systems.
More can be read here: https://www.bleepingcomputer.com/news/security/cisco-fixes-maximum-severity-mso-auth-bypass-vulnerability/
