CVE-2021-1388

CWE-269Improper Privilege Management4 documents4 sources
Severity
10.0CRITICAL
EPSS
2.0%
top 16.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco ACI Multi-site OrchestratorCisco Cisco ACI Multi-site Orchestrator SoftwareCisco Application Policy Infrastructure Controller
Timeline
PublishedFeb 24
Latest updateMay 24

Description

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges tha

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages3 packages

NVDcisco/aci_multi-site_orchestrator3.03.0\(3m\)

🔴Vulnerability Details

2
GHSA
GHSA-m8g7-f94v-5fp8: A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthentica2022-05-24
CVEList
Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability2021-02-24

📋Vendor Advisories

1
Cisco
Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment Authentication Bypass Vulnerability2021-02-24
CVE-2021-1388 (CRITICAL CVSS 10) | A vulnerability in an API endpoint | cvebase.io