March 27, 2023

Cisco has patched two high-severity vulnerabilities affecting components of its Application Centric Infrastructure software-defined networking solution.

The first flaw tracked as, CVE-2023-20011, impacts the management interface of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller. APIC is the unified point of automation and management for ACI.

The vulnerability can be exploited by a remote, unauthenticated attacker to conduct cross-site request forgery attacks by tricking a user into clicking on a malicious link. The attacker could then conduct activities on the targeted system with the privileges of the compromised user.

Advertisements

The second flaw is a high-severity issue, tracked as CVE-2023-20089 which affects Cisco Nexus 9000 series Fabric switches in ACI mode, and it can be exploited for DoS attacks by an unauthenticated, adjacent attacker. But several conditions need to be met for exploitation.

Cisco also patched medium-severity flaws in other products, UCS Manager and FXOS software issue that exposes backup files, a command injection bug in NX-OS, a command injection in Firepower appliances, and an authentication bypass vulnerability in Nexus extenders.

Tags:

Leave a Reply

You may have missed

Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
CatB Ransomware Dissection

CatB Ransomware Dissection

March 26, 2023
Microsoft Patches Acropalypse Vulnerability

Microsoft Patches Acropalypse Vulnerability

March 26, 2023
TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
%d bloggers like this: