Cisco Patches High-Severity Vulnerabilities in ACI Software
February 23, 2023
Cisco has released patches for two high-severity vulnerabilities, CVE-2023-20011 and CVE-2023-20089, affecting components of its Application Centric Infrastructure (ACI) software-defined networking solution.

CVE-2023-20011 is a cross-site request forgery (CSRF) vulnerability in the management interface of the Cisco Application Policy Infrastructure Controller (APIC) and Cloud Network Controller. A remote, unauthenticated attacker can exploit it to perform actions on the targeted system with the privileges of the compromised user. CVE-2023-20089 is a denial-of-service (DoS) vulnerability in Cisco Nexus 9000 series Fabric switches in ACI mode. It can be exploited by an unauthenticated, adjacent attacker, but certain conditions must be met for exploitation to succeed.

In addition, Cisco has patched medium-severity flaws in several products, including an issue in UCS Manager and FXOS software, a command injection bug in NX-OS, another command injection bug in Firepower appliances, and an authentication bypass vulnerability in Nexus fabric extenders. The company has also released an informational advisory for a privilege escalation issue affecting products that run NX-OS software and are configured for SSH authentication with an X.509v3 certificate.

Finally, Cisco has updated its advisory for CVE-2023-20032, a recently addressed critical vulnerability in the ClamAV library.