CVE-2021-1388
Last modified
CVE-2021-1388 is a critical-severity vulnerability rated 10/10 on the CVSS scale. A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. EPSS estimates a 14.36% chance of exploitation in the next 30 days.
Description
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aci Multi-Site Orchestrator | >= 3.0, < 3.0\(3m\) |
| Cisco | Application Policy Infrastructure Controller | 3.0\(3i\) |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-1388?
How severe is CVE-2021-1388?
How do I fix CVE-2021-1388?
Are you affected by CVE-2021-1388?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST