
Critical Vulnerability in Cisco Systems allows a Remote Attacker to Bypass Authentication

A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. It is one of three critical flaws fixed by Cisco this week.

The authentication bypass exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO), Cisco’s management software for businesses, which allows them to monitor the health of all interconnected policy-management sites.

The flaw originates from improper token validation on an API endpoint in Cisco’s ACI MSO. An attacker could exploit this vulnerability by sending a crafted request to the affected API.

A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.

Critical Vulnerability CVE-2021-1388: Easily Exploitable

The vulnerability ranks 10 (out of 10) on the CVSS vulnerability-rating scale. The glitch is considered critical because an attacker, without any authentication, could remotely exploit it, simply by sending a crafted request to the affected API.

This vulnerability affects Cisco ACI Multi-Site Orchestrator (MSO) running a 3.0 release of software only when deployed on a Cisco Application Services Engine.

The MSO can be deployed in the following ways:

  • MSO cluster in a Cisco Application Services Engine. The MSO software image can be identified by an ‘aci’ extension.
  • MSO nodes deployed as VMs on a Hypervisor. The MSO software image can be identified by an ‘ova’ extension.

Vulnerability CVE-2021-1361 Grants Root Privileges on Nexus Switches

The flaw, which has a CVSS score of 9.8 (out of 10), stems from the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software. It could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests.

“An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075,” said Cisco. A successful exploit could allow the attacker to create, delete, or overwrite arbitrary files, including sensitive files that are related to the device configuration.

Nexus 3000 Series Switches and Nexus 9000 Series Switches in standalone NX-OS mode are vulnerable by default. Cisco has released free software updates that address the vulnerability. Users can check out Cisco’s security advisory.

Vulnerability CVE-2021-1393: Cisco Application Services Engine

A critical flaw exists in the Application Services Engine. This glitch could allow unauthenticated, remote attackers to gain privileged access to host-level operations. They would be able to glean device-specific information, create diagnostic files and make limited configuration changes.

The flaw affects Cisco Application Services Engine Software releases 1.1(3d) and earlier. It ranks 9.8 out of 10 on the CVSS scale.

“The vulnerability is due to insufficient access controls for a service running in the data network,” said Cisco. “An attacker could exploit this vulnerability by sending crafted TCP requests to a specific service. A successful exploit could allow the attacker to have privileged access to run containers or invoke host-level operations.”

Cisco has released free software updates that address the vulnerabilities. Customers may install and expect support for software versions and feature sets for which they have purchased a license.
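For patch triage, the affected-product conditions stated above can be applied to an asset inventory. The following is an added example, not Cisco's or the article's code: the inventory records, hostnames and field names are constructed, and ordering releases by the parenthesised maintenance number and build letter is an assumption. A match means the asset should be checked against Cisco's advisory, since the article does not list fixed releases.

```python
import re

# Cisco release strings look like "1.1(3d)": major.minor(maintenance + build letter).
_RELEASE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]*)\)$")

def parse_release(text):
    """Return a sortable tuple for a release string, or None if unreadable."""
    m = _RELEASE.match(text.strip().lower())
    if not m:
        return None
    major, minor, maint, build = m.groups()
    return (int(major), int(minor), int(maint), build)

ASE_LAST_AFFECTED = parse_release("1.1(3d)")  # article: 1.1(3d) and earlier
def triage(asset):
    """List the CVEs from the article that one inventory record must be checked for."""
    kind = asset["kind"]
    rel = parse_release(asset.get("release", ""))
    if kind == "nexus":
        # Nexus 3000/9000 in standalone NX-OS mode are vulnerable by default.
        standalone = asset["series"] in (3000, 9000) and asset["mode"] == "standalone"
        return ["CVE-2021-1361"] if standalone else []
    if rel is None:
        return ["MANUAL-REVIEW"]  # never treat an unreadable release as safe
    if kind == "mso":
        # Only 3.0 releases deployed on Application Services Engine ('aci'
        # image) are affected; 'ova' images are hypervisor VM deployments.
        on_ase = asset["image"].lower().endswith(".aci")
        return ["CVE-2021-1388"] if rel[:2] == (3, 0) and on_ase else []
    if kind == "ase":
        return ["CVE-2021-1393"] if rel <= ASE_LAST_AFFECTED else []
    return []

# Constructed inventory (hostnames, image names and releases are made up).
INVENTORY = [
    {"host": "mso-a", "kind": "mso", "release": "3.0(2j)", "image": "mso-a.aci"},
    {"host": "mso-b", "kind": "mso", "release": "3.0(2j)", "image": "mso-b.ova"},
    {"host": "ase-a", "kind": "ase", "release": "1.1(3c)"},
    {"host": "ase-b", "kind": "ase", "release": "1.1(3e)"},
    {"host": "ase-c", "kind": "ase", "release": "unknown"},
    {"host": "n9k-a", "kind": "nexus", "series": 9000, "mode": "standalone"},
    {"host": "n9k-b", "kind": "nexus", "series": 9000, "mode": "aci"},
]

def report(inventory=INVENTORY):
    return {a["host"]: triage(a) for a in inventory}

if __name__ == "__main__":
    print(report())
```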


Guru

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.
