Cisco has addressed a maximum severity authentication bypass vulnerability found in the API endpoint of the Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine. Unauthenticated attackers may bypass authentication remotely on affected devices by sending a crafted request to exploit the improper token validation bug affecting the CISCO ACI MSO API endpoint. The vulnerability (tracked as CVE-2021-1388 and with a 10/10 CVSS base score) only impacts only MSO 3.0 versions. The company also patched five more security vulnerabilities affecting Cisco FXOS Software, Cisco NX-OS and Cisco UCS Software.
Source: https://www.bleepingcomputer.com/news/security/cisco-fixes-maximum-severity-mso-auth-bypass-vulnerability/