Cisco has addressed several maximum or critical severity vulnerabilities in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO), Cisco Application Services Engine, and NX-OS an internal file management service.
The patches follow closely another 44 flaws that the company patched in its Small Business routers that could allow an attacker to execute arbitrary code and cause a denial-of-service condition.
The ACI Orchestrator is used to monitor and manage application-access networking policies for Cisco APIC-based devices. An attacker could exploit this vulnerability to bypass authentication on vulnerable devices by sending a crafted request to the affected API.
“A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices,” the company said in an announcement yesterday.
The bug affected ACI MSO versions running a 3.0 release of the software is knows as CVE-2021-1388 and ranks 10 out of 10 on the CVSS vulnerability scoring system.
It abuses an improper token validation in an API endpoint of Cisco ACI MSO.
The company has also announced patches for two flaws in Cisco Application Services Engine, CVE-2021-1393 and CVE-2021-1396, that could grant a remote attacker access to a privileged service or specific APIs, resulting “in capabilities to run containers or invoke host-level operations, and learn device-specific information, create tech support files in an isolated volume, and make limited configuration changes,” CISCO explained.
These bugs had a CVSS score of 9.8 and stemmed from insufficient access controls for an API running in the Data Network, Cisco noted.
The three flaws had been discovered during internal security testing. The company detected no attempts to exploit the vulnerabilities in the wild.
Lastly, Cisco issued patched a vulnerability CVE-2021-1361, CVSS score 9.8, in an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches. These switches run the NX-OS network operating system, also used in the company’s Nexus-branded Ethernet switches.
By abusing this one, a bad actor could add a user account without the device administrator’s knowledge and create, delete, or overwrite files with root privileges on a compromised device.
“This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests,” Cisco outlined in the advisory. “An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075.”