Cisco has published 12 new bulletins, 3 rated Critical, 4 rated High, and the rest Medium.
More info.
A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on an affected device and receive a token with administrator-level privileges. CVSSv3 score of 10
More info.
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated, remote attacker to gain privileged access to host-level operations or to learn device-specific information, create diagnostic files, and make limited configuration changes. CVSSv3 score of 9.8
More info.
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. CVSSv3 score of 9.8
More info.
A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. A successful exploit could cause the network stack to run out of available buffers, requiring manual intervention to restore normal operations on the affected device. CVSSv3 score of 8.1
More info.
A vulnerability with BGP for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure mode could allow an unauthenticated, remote attacker to send a crafted BGP update to an affected device and cause a routing process to crash, which could lead to a DoS condition. CVSSv3 score of 8.6
More info.