September 26, 2023

Cisco has patched two high-severity vulnerabilities affecting components of its Application Centric Infrastructure software-defined networking solution.

The first flaw tracked as, CVE-2023-20011, impacts the management interface of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller. APIC is the unified point of automation and management for ACI.

The vulnerability can be exploited by a remote, unauthenticated attacker to conduct cross-site request forgery attacks by tricking a user into clicking on a malicious link. The attacker could then conduct activities on the targeted system with the privileges of the compromised user.

Advertisements

The second flaw is a high-severity issue, tracked as CVE-2023-20089 which affects Cisco Nexus 9000 series Fabric switches in ACI mode, and it can be exploited for DoS attacks by an unauthenticated, adjacent attacker. But several conditions need to be met for exploitation.

Cisco also patched medium-severity flaws in other products, UCS Manager and FXOS software issue that exposes backup files, a command injection bug in NX-OS, a command injection in Firepower appliances, and an authentication bypass vulnerability in Nexus extenders.

Tags:

Leave a Reply

You may have missed

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023
%d bloggers like this: