CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-1388

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile20.46th
Published2021年2月24日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.

Affected Platforms (CPE)

📦
Cisco

Aci Multi Site Orchestrator

>= 3.0 and < 3.0\(3m\)
📦
Cisco

Application Policy Infrastructure Controller

= 3.0\(3i\)

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv

相關漏洞威脅

CVE-2021-15788.8

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...