Cisco has once again released security advisories for its software-defined networking (SDN) solution, Application Centric Infrastructure (ACI). As before (see blog post here), the published advisories originated from research performed in our ACI lab.
The following advisories have been published:
Cisco Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-n9kaci-bypass
CVSS Base Score: 7.4
Cisco Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-ccapic-restapi
CVSS Base Score: 7.2
We will provide technical details for all identified vulnerabilities at this year’s Black Hat USA conference. If you are interested, have a look at our talk.
And as always, be sure to follow the recommendations in the advisories to mitigate or eliminate these vulnerabilities!