Cisco Issues Critical Fixes for High-End Nexus Gear
Cisco Systems recently released six security patches linked to its 9000 series networking gear. The patches range in severity from critical to medium. The most serious of the bugs patched by Cisco ranked 9.1 on the CVSS scale and could allow for a remote and unauthenticated adversary to read or write arbitrary files. The attacker could alter with an application protocol interface used in Cisco 9000 series switches that were created to manage the networking data center solution. The critical vulnerability impacts Cisco Application Infrastructure Controller, and the Cisco Cloud Application Policy Infrastructure Controller.
The vulnerability is linked to improper access control. This vulnerability can be exploited by using a specific API endpoint to upload a file onto a device affected by the bug. Cisco released a security bulletin on Wednesday detailing the flaws and subsequent fixes. Cisco stated that mitigations are available for all of the identified vulnerabilities. The company is not aware of any publicly known exploits for the patched bugs. Wednesday’s release included 15 patches.