Cisco Patches High-Severity Vulnerabilities in ACI Software
February 23, 2023
Cisco has released patches for two high-severity vulnerabilities, CVE-2023-20011 and CVE-2023-20089, affecting components of its Application Centric Infrastructure (ACI) software-defined networking solution.

CVE-2023-20011 is a cross-site request forgery (CSRF) vulnerability in the management interface of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller. It can be exploited by a remote, unauthenticated attacker to conduct activities on the targeted system with the privileges of the compromised user.

CVE-2023-20089 is a denial-of-service (DoS) vulnerability in Cisco Nexus 9000 series Fabric switches in ACI mode. It can be exploited by an unauthenticated, adjacent attacker, but certain conditions need to be met for exploitation.

In addition, Cisco has patched medium-severity flaws in several products, including a UCS Manager and FXOS software issue, a command injection bug in NX-OS, a command injection in Firepower appliances, and an authentication bypass vulnerability in Nexus extenders. The company has also released an informational advisory for a privilege escalation issue related to products running NX-OS software and configured for SSH authentication with an X.509v3 certificate. Finally, Cisco has updated its advisory for CVE-2023-20032, a recently addressed critical vulnerability affecting the ClamAV library.