A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication.
The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health of all interconnected policy-management sites.
The flaw stems from improper token validation on an API endpoint in Cisco’s ACI MSO.
Read more…
Source: ThreatPost