What is CVE-2021-1388 — Authentication Bypass in Cisco ACI Multi-Site Orchestrator?

CVE-2021-1388 is a critical vulnerability allowing unauthenticated attackers to bypass authentication in Cisco ACI Multi-Site Orchestrator, potentially gaining administrator access. It's due to improper token validation in a specific API endpoint, leading to privilege escalation.

Am I affected by CVE-2021-1388 in Cisco ACI Multi-Site Orchestrator?

You are affected if you are running a version of Cisco ACI Multi-Site Orchestrator prior to the release of a fix. Check Cisco's advisory for the specific affected versions and upgrade as soon as possible.

How do I fix CVE-2021-1388 in Cisco ACI Multi-Site Orchestrator?

The primary fix is to upgrade to a patched version of Cisco ACI Multi-Site Orchestrator. Until the upgrade, restrict API access and monitor for suspicious activity as temporary mitigations.

Is CVE-2021-1388 being actively exploited?

While no confirmed active exploitation campaigns are publicly known, the vulnerability's critical severity and ease of exploitation make it a high-priority target, and exploitation is likely.

Where can I find the official Cisco advisory for CVE-2021-1388?

Refer to the official Cisco Security Advisory for CVE-2021-1388 on the Cisco website. Search for 'CVE-2021-1388 Cisco' to locate the advisory.

CVE-2021-1388 — Vulnerability Details

NEXTGUARD

Escanear gratis

CVE-2021-1388 — Vulnerability Details | NextGuard

Pasos de Deteccióntraduciendo…

• linux / server: Monitor system logs (journalctl) for unusual API requests or authentication attempts. Look for patterns indicative of token manipulation.

journalctl -u aci-ms-orchestrator -f | grep -i "authentication bypass"

• cisco: Use Cisco's security monitoring tools to detect unauthorized API access attempts. Review Cisco Security Advisories for specific detection signatures. • generic web: Monitor network traffic for requests to the vulnerable API endpoint. Use intrusion detection systems (IDS) to identify suspicious patterns. • generic web: Check access logs for unusual user agent strings or IP addresses attempting to access the API endpoint.

Vulnerabilidad de omisión de autenticación en Cisco ACI Multi-Site Orchestrator Application Services Engine Deployment

Impacto y Escenarios de Ataque

Contexto de Explotación

Quién Está en Riesgotraduciendo…

Pasos de Deteccióntraduciendo…

Cronología del Ataque

Inteligencia de Amenazas

Software Afectado

Clasificación de Debilidad (CWE)

Cronología

Mitigación y Workarounds

Cómo corregirlo

Boletín de seguridad CVE

Preguntas frecuentestraduciendo…

What is CVE-2021-1388 — Authentication Bypass in Cisco ACI Multi-Site Orchestrator?

Am I affected by CVE-2021-1388 in Cisco ACI Multi-Site Orchestrator?

How do I fix CVE-2021-1388 in Cisco ACI Multi-Site Orchestrator?

Is CVE-2021-1388 being actively exploited?

Where can I find the official Cisco advisory for CVE-2021-1388?

¿Tu proyecto está afectado?