Cisco has notified customers of the availability of patches for two high-severity vulnerabilities affecting components of its Application Centric Infrastructure (ACI) software-defined networking solution.
One of these bugs, CVE-2023-20011, affects the management interfaces of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller. APIC is the single point of automation and management for ACI. A remote, unauthenticated attacker could exploit this vulnerability to perform cross-site request forgery (CSRF) attacks by tricking users into clicking on a malicious link. The attacker could then perform activities on the target system with the privileges of the compromised user.
The second issue, CVE-2023-20089, affects Cisco Nexus 9000 Series Fabric switches in ACI mode and can be exploited for denial-of-service (DoS) attacks by an unauthenticated, adjacent attacker.
Read more: Cisco Patches High-Severity Vulnerabilities in ACI Components