Cisco Warns of Critical Auth-Bypass Security Flaw

A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication.

The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health of all interconnected policy-management sites.

The flaw stems from improper token validation on an API endpoint in Cisco’s ACI MSO.

Read more…
Source: ThreatPost