Cisco NSO Vulnerability Allows Unauthenticated Access to Sensitive Data

CVE-2021-1132

What is CVE-2021-1132?

A vulnerability in the API subsystem and web-management interface of Cisco Network Services Orchestrator (NSO) enables an unauthenticated remote attacker to potentially access sensitive data. This issue arises from inadequate validation of user-supplied input in specific HTTP-based APIs and the web-management interface. Attackers can exploit this vulnerability by sending specially crafted HTTP requests containing directory traversal sequences to the affected system. Successfully executing such an attack could grant unauthorized access to files that contain sensitive information. Cisco has provided software updates to mitigate this issue, and no alternative workarounds are available.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References