Cisco releases patch addressing vulnerability in APIC
Cisco Systems issued patches to address a critical vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface, which is used in its Nexus 9000 Series Switches. Successful exploitation of the flaw could enable an attacker to read or write arbitrary files on the affected system.
The vulnerability is tracked as CVE-2021-1577 (CVSS score: 9.1) and is said to be the result of improper access control. It could allow a threat actor to upload a file to the affected device.
The APIC appliance is a central, clustered controller that augments performance and unifies the operation of physical and virtual environments.
The vulnerability was discovered by the Cisco Advanced Security Initiatives Group (ASIG) during internal security testing.
Additionally, Cisco says it has concluded its investigation into a new BadAlloc flaw in BlackBerry's QNX real-time operating system. It stated that it had finished investigating its product line to identify the products that are affected by this vulnerability, and added that none of the products are known to be compromised.
Cisco products that run QNX are:
- Channelized shared port adapters (SPAs) (CSCvz34866)
- Circuit Emulation over Packet (CEoP) SPAs (CSCvz34865)
- IOS XR 32-bit Software (CSCvz34871)
- RF Gateway 10 (CSCvz34869)