A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.
Metrics
Affected Vendors & Products
References
History
Sat, 09 Nov 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-02-24T19:30:59.883640Z
Updated: 2024-11-08T23:37:25.253Z
Reserved: 2020-11-13T00:00:00
Link: CVE-2021-1388
Vulnrichment
Updated: 2024-08-03T16:11:17.029Z
NVD
Status : Modified
Published: 2021-02-24T20:15:13.660
Modified: 2024-11-21T05:44:14.400
Link: CVE-2021-1388
Redhat
No data.