Aci Multi-site Orchestrator
Vulnerabilities
4
Known exploited
0
Max CVSS
10
Top EPSS
0.14359
Severity breakdown
Critical
2
High
2
Medium
0
Low
0
Affected version ranges
3.0–3.0\(3m\)< 3.1\(1n\)
Also matched as (raw): aci_multi-site_orchestrator,application_policy_infrastructure_controller,aci multi-site orchestrator
Top vulnerabilities
CVE-2021-1388A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to improper token validation on a specific API endpoint. An attacker could exploit this vulnerability by sending a crafted request to the affected API. A successful exploit could allow the attacker to receive a token with administrator-level privileges that could be used to authenticate to the API on affected MSO and managed Cisco Application Policy Infrastructure Controller (APIC) devices.
BDU:2021-01102Уязвимость компонента API диспетчера межсайтовых политик Cisco ACI Multi-Site Orchestrator (MSO) существует из-за неправильной проверки токена. после ее освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить токен с правами администратора
CVE-2022-20921A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.
BDU:2022-05321Уязвимость компонента API диспетчера межсайтовых политик Cisco ACI Multi-Site Orchestrator (MSO) связана с недостатками процедуры авторизации. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, повысить свои привилегии