The Vulnerability and Its Mechanism
Cisco has disclosed a critical security flaw in its Secure Workload platform that allows unauthenticated attackers to seize full control of affected systems through internal API endpoints. The issue originates from missing authentication checks on REST API interfaces, meaning an attacker can send specially crafted requests to these endpoints without any credentials. Successful exploitation grants the attacker Site Admin level privileges, effectively handing over complete administrative control of the environment.
The vulnerability affects both SaaS and on-premises deployments of Cisco Secure Workload. Crucially, the attacker does not need any prior access or special conditions to exploit the flaw, making it trivially easy to leverage once an API endpoint is reachable.
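The bug class described above (an API dispatcher that skips the credential check for endpoints it considers "internal") is easier to reason about with a small model. The following is an added illustration and is not Cisco's code, nor does it reflect how Secure Workload is implemented; the endpoint paths, the static bearer token and the handler body are constructed for the example. It shows the defective opt-out pattern beside a deny-by-default dispatcher in which authentication runs before route lookup, so no endpoint can be registered without it.

```python
"""Model of the bug class: per-route authentication opt-outs versus deny-by-default.
Added example, not Cisco's code. Paths, token and handler are constructed."""
import hmac
from dataclasses import dataclass

# Constructed stand-in for a real session or credential check.
VALID_TOKEN = "example-session-token"


@dataclass
class Response:
    status: int
    body: str


def _authenticated(headers: dict) -> bool:
    """Return True only if the request carries the expected bearer token."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return False
    token = value[len("Bearer "):].strip()
    # Constant-time comparison so the check does not leak via timing.
    return hmac.compare_digest(token, VALID_TOKEN)


def _admin_action(path: str) -> Response:
    """Placeholder for a privileged handler; the real action is irrelevant here."""
    return Response(200, f"executed {path} with administrative privileges")


# Vulnerable pattern: routes decide individually whether to require authentication.
# The "internal" route trusts that only internal callers can reach it, which is
# exactly the assumption that fails once the endpoint is reachable by anyone.
VULNERABLE_ROUTES = {
    "/api/v1/users": {"auth": True},
    "/internal/v1/admin/users": {"auth": False},  # the defect: auth opt-out
}


def vulnerable_dispatch(path: str, headers: dict) -> Response:
    route = VULNERABLE_ROUTES.get(path)
    if route is None:
        return Response(404, "not found")
    if route["auth"] and not _authenticated(headers):
        return Response(401, "unauthorized")
    return _admin_action(path)


# Hardened pattern: the route table cannot express "no auth"; the check is
# global and precedes route lookup, so unknown and internal paths alike need it.
HARDENED_ROUTES = {"/api/v1/users", "/internal/v1/admin/users"}


def hardened_dispatch(path: str, headers: dict) -> Response:
    if not _authenticated(headers):
        return Response(401, "unauthorized")
    if path not in HARDENED_ROUTES:
        return Response(404, "not found")
    return _admin_action(path)


if __name__ == "__main__":
    anon = {}
    authed = {"Authorization": f"Bearer {VALID_TOKEN}"}
    print("vulnerable, no creds :", vulnerable_dispatch("/internal/v1/admin/users", anon))
    print("hardened,   no creds :", hardened_dispatch("/internal/v1/admin/users", anon))
    print("hardened, with creds :", hardened_dispatch("/internal/v1/admin/users", authed))
```

The useful property of the hardened form is structural: a reviewer auditing the route table cannot find an endpoint that bypasses authentication, because the table has no field in which to express that. A per-route `auth` flag, by contrast, is one copy-paste away from the defect the advisory describes.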
Impact and Mitigation
With Site Admin privileges, an attacker can access sensitive operational data, modify core configurations, and potentially move laterally across tenants in shared cloud deployments. This cross-tenant risk amplifies the danger for enterprises that rely on Secure Workload for application visibility and microsegmentation in multi-tenant environments.
Cisco has released patches for the affected software versions. Version 3.10 should be updated to 3.10.8.3, and version 4.0 should be updated to 4.0.3.17. Customers running versions 3.9 or earlier must migrate to a supported fixed release. For SaaS customers, Cisco has already applied the fixes server-side. No workarounds exist. The flaw was discovered during Cisco’s internal security testing, and no active exploitation has been reported yet, but the maximum severity rating warrants immediate patching.
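For an on-premises fleet, the practical follow-up to the paragraph above is an inventory check that maps each installed version to the action the advisory calls for. The script below is an added example, not a Cisco tool; the only data it relies on are the fixed releases stated in the text (3.10.8.3 for the 3.10 train, 4.0.3.17 for the 4.0 train, and "migrate" for 3.9 or earlier). Versions are compared as integer tuples rather than strings, which matters because a string comparison would rank "3.10.8.10" below "3.10.8.3". Trains the advisory does not mention are reported as "unknown" rather than guessed at.

```python
"""Classify Cisco Secure Workload on-prem versions against the advisory's fixed releases.
Added example, not a Cisco tool. Fixed-release numbers come from the advisory text."""
from typing import Tuple

# Fixed releases per affected train, as stated in the advisory.
FIXED_RELEASES = {
    (3, 10): (3, 10, 8, 3),
    (4, 0): (4, 0, 3, 17),
}
# Trains older than this must migrate to a supported fixed release.
OLDEST_PATCHABLE_TRAIN = (3, 10)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.10.8.3' into (3, 10, 8, 3); reject anything that is not dotted integers."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> str:
    """Return one of: 'fixed', 'patch to <release>', 'migrate', 'unknown'."""
    v = parse_version(version)
    train = v[:2]
    if train not in FIXED_RELEASES:
        # 3.9 and earlier have no patched build; anything newer than the
        # listed trains is outside what the advisory text covers.
        return "migrate" if train < OLDEST_PATCHABLE_TRAIN else "unknown"
    fixed = FIXED_RELEASES[train]
    # Pad short inputs ('3.10.8') with zeros so tuple comparison is well defined.
    padded = v + (0,) * (len(fixed) - len(v))
    if padded >= fixed:
        return "fixed"
    return "patch to " + ".".join(str(n) for n in fixed)


def assess_inventory(inventory: dict) -> dict:
    """Map hostname -> version to hostname -> action; bad strings become 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = assess(version)
        except ValueError:
            result[host] = "unparseable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "csw-a": "3.10.8.3",
        "csw-b": "3.10.8.2",
        "csw-c": "4.0.3.17",
        "csw-d": "4.0.3.16",
        "csw-e": "3.9.1.4",
        "csw-f": "3.10.8.10",
    }
    for host, action in assess_inventory(sample).items():
        print(f"{host:6} {sample[host]:>10}  {action}")
```

The "unknown" outcome is deliberate: the advisory lists two affected trains and a migration path for older ones, and a script that silently marked every other train as safe would be inventing a fact the page does not state.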
Source: Cyber Security News
