Cisco issues 3 critical warnings around ACI, NS-OX security holes
Tech giant issues patches for high-end software systems ACI, Application Services Engine and NX-OS operating system Credit: Dreamstime
Cisco has issued three security advisories rated “critical” for some of its high-end software systems - two aimed at its Application Services Engine (ASE) implementation and one at the NX-OS operating system.
The most concerning warning came for Cisco Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) installed with the ASE which was rated a worse-case scenario, 10 out of a possible 10 on the Common Vulnerability Scoring System (CVSS). The ACI Multi-Site Orchestrator lets customers control application-access policies across Cisco Application Policy Infrastructure Controller-based fabrics.
minute read
Share this article:
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication.
The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) this is Cisco’s management software for businesses, which allows them to monitor the health of all interconnected policy-management sites.
The flaw stems from improper token validation on an API endpoint in Cisco’s ACI MSO.
Cisco fixes maximum severity MSO auth bypass vulnerability
By
04:03 PM
Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.
Cisco ACI MSO is an intersite network and policy orchestration solution that helps admins monitor the health of their organizations interconnected sites across multiple data centers.
Impacts only MSO 3.0 releases A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device, Cisco explained.
Cisco issues 3 critical warnings around ACI, NS-OX security holes arnnet.com.au - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from arnnet.com.au Daily Mail and Mail on Sunday newspapers.
Cisco issues 3 critical warnings around ACI, NS-OX security holes networkworld.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from networkworld.com Daily Mail and Mail on Sunday newspapers.