Platform: cisco
Component: cisco-aci-multi-site-orchestrator
CVE-2021-1388 is a critical authentication bypass vulnerability affecting Cisco ACI Multi-Site Orchestrator (MSO). This flaw allows an unauthenticated, remote attacker to bypass authentication and potentially gain administrator-level access to the system. Versions released before the fix are affected, and successful exploitation could lead to unauthorized control of the affected device and the network infrastructure it manages.
The impact of CVE-2021-1388 is severe. An attacker exploiting this vulnerability can obtain a token with administrator privileges, effectively granting them complete control over the Cisco ACI Multi-Site Orchestrator. This allows for unauthorized configuration changes, data exfiltration, and potentially lateral movement within the network. The attacker could manipulate application policies, disrupt network services, and compromise the confidentiality, integrity, and availability of the entire ACI environment. This vulnerability resembles other API authentication bypasses in which improper token validation is the root cause, potentially allowing for widespread compromise if not addressed promptly.
CVE-2021-1388 was publicly disclosed on February 24, 2021. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
EPSS: 1.96% (83rd percentile)
The primary mitigation for CVE-2021-1388 is to upgrade to a fixed version of Cisco ACI Multi-Site Orchestrator as soon as it becomes available. Until the upgrade can be performed, implement temporary workarounds to reduce the attack surface. Restrict access to the vulnerable API endpoint by implementing strict network segmentation and access control lists (ACLs). Monitor API traffic for suspicious activity, specifically looking for unauthorized token requests. Consider implementing a Web Application Firewall (WAF) to filter malicious requests. After upgrading, verify the fix by attempting to access the API endpoint without authentication and confirming that access is denied.
Update the Cisco ACI Multi-Site Orchestrator software to a version that is not vulnerable. See the Cisco advisory for more details and specific upgrade instructions.
CVE-2021-1388 is a critical vulnerability allowing unauthenticated attackers to bypass authentication in Cisco ACI Multi-Site Orchestrator, potentially gaining administrator access. It's due to improper token validation in a specific API endpoint, leading to privilege escalation.
You are affected if you are running a version of Cisco ACI Multi-Site Orchestrator prior to the release of a fix. Check Cisco's advisory for the specific affected versions and upgrade as soon as possible.
The primary fix is to upgrade to a patched version of Cisco ACI Multi-Site Orchestrator. Until the upgrade, restrict API access and monitor for suspicious activity as temporary mitigations.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's critical severity and ease of exploitation make it a high-priority target, and exploitation is likely.
Refer to the official Cisco Security Advisory for CVE-2021-1388 on the Cisco website. Search for 'CVE-2021-1388 Cisco' to locate the advisory.