Cisco has addressed a maximum severity authentication bypass vulnerability found in the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine.

The vulnerability (CVE-2021-1388 rated with a CVSS score of 10) only impacts Cisco ACI MSO 3.0 version and only when deployed on a Cisco Application Services Engine platform. All customers are advised to immediately upgrade their installation to the Cisco ACI MSO 3.0(3m) release.

Cisco also addressed a critical severity unauthorized access vulnerabilities (CVE-2021-1393, CVE-2021-1396) in the Cisco Application Services Engine. The company also patched security vulnerabilities affecting Cisco FXOS Software and Cisco NX-OS Software.

A full list of all security flaws addressed by Cisco can be found on the company's Security Advisories page - cisco.com

Source: bleepingcomputer.com