Company

ABOUT ESENTIRE

eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.

About Us →

Leadership →

Careers →

Event Calendar →

Newsroom →

Aston Villa Football Club →

EVENT CALENDAR

May

May TRU Intelligence Briefing

May

Elevate IT Technology Summit Kansas City

May

Cybersecurity Summit Toronto

May

Cybersec Brussels

May

Cybersecurity Summit Austin

View Calendar →

LATEST PRESS RELEASE

Mar 06, 2025

eSentire Unleashes AI-Driven Atlas Nexus Network, Empowering Cybersecurity Partners to Build Differentiated Security Services at Scale

View Newsroom →

OUR PARTNERSHIPS

Aston Villa Football Club

AVFC takes its cyber protection to the Next Level with eSentire as its official cybersecurity partner.

Learn More

Speak With A Security Expert Now

TALK TO AN EXPERT

THE THREAT

On February 24th, 2021, Cisco announced four critical vulnerabilities as well as multiple high and medium vulnerabilities impacting a variety of Cisco products. The critical vulnerabilities all received ratings between 9.8 – and 10 out of 10 on the Common Vulnerability Scoring System (CVSS). All of the stated vulnerabilities are exploitable by remote and unauthenticated attackers. Cisco’s ACI Multi-Site Orchestrator (MSO), Application Services Engine, and Nexus 3000 and 9000 series Switches are impacted.

Exploitation has not been identified in the wild at this time. Organizations are strongly recommended to review the recent Cisco releases and apply patches for vulnerable devices.

What we’re doing about it

MVS will automatically add the relevant plugins for these vulnerabilities once details are made available
- MVS customers seeking assistance with their review or scans, please contact your MVS consultant or the eSentire Security Operations Center (SOC)
eSentire security teams continue to track this topic for additional details and detection opportunities

What you should do about it

After performing a business impact review, apply the relevant security patches provided by Cisco
- Workarounds as a temporary alternative to patching are only available for CVE-2021-1361

Additional information

The recent critical vulnerabilities are as follows:

CVE-2021-1388 (CVSS: 10/10) - Cisco ACI Multi-Site Orchestrator (MSO) version 3.0 vulnerability, allows a remote unauthenticated attacker to bypass device authentication. Successful exploitation would allow threat actors to receive a token with administrator privileges. The vulnerability is due to improper token validation. It is worth noting that this vulnerability is only applicable when deployed on a Cisco Application Services Engine.

CVE-2021-1393/CVE-2021-1396 (CVSS: 9.8/10) - Multiple vulnerabilities in Cisco Application Services Engine version 1.1(3d) and earlier, allows an unauthenticated, remote attacker to gain privileged access to host-level operations or learn device-specific information, create diagnostic files, and make limited configuration changes. Both vulnerabilities are due to insufficient access controls.

CVE-2021-1361 (CVSS: 9.8/10) - Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches versions 9.3(5) and 9.3(6), allows an unauthenticated, remote attacker to create, delete, or overwrite arbitrary files with root privileges on the device. The vulnerability is the result of the incorrect configuration of TCP port 9075.

All of these vulnerabilities should receive a high priority for patching before exploitation in the wild is identified.

References:

[1] https://tools.cisco.com/security/center/publicationListing.x

[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3000-9000-fileaction-QtLzDRy2

[3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv

[4] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-case-mvuln-dYrDPC6w

ESENTIRE SERVICES

Managed Detection and Response

All-In-One MDR Solution →

MDR for Microsoft →

MDR for GenAI →

Digital Forensics and Incident Response

Continuous Threat Exposure Management (CTEM)

PLATFORM, PEOPLE AND RESPONSE

Security Operations Center (SOC)

Extended Detection and Response (XDR)

Technology Integrations

Threat Response Unit (TRU)

Cyber Resilience Team

Response and Remediation

MDR Packages and 24/7 Protection

MDR Pricing and Packages

Atlas Essentials

Atlas Advanced

Atlas Complete

24/7 Coverage

Endpoint

Network

Log

Cloud

Identity

INDUSTRIES

Insurance

Construction

Finance

Legal

Manufacturing

Private Equity

Healthcare

Retail

Food Supply

Government and Education

Automotive Dealerships

USE CASES

Ransomware

Cybersecurity Compliance

Zero Day Attacks

Cloud Misconfiguration

Third-Party Risk

Do More With Less

Cyber Risk

Cyber Insurance

Sensitive Data Security

Security Leadership

Cyber Threat Intelligence

From The Blog

Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One

MDR Vendors: Complete Guide to Understanding Managed Detection & Response…

Identity is the New Attack Surface: Why Threat Detection Alone Isn't…

Resources

Case Studies

TRU Intelligence Center

Cybersecurity Tools

Videos

Reports

Webinars

Data Sheets

Real vs. Fake MDR

Compare MDR Vendors

Blogs

Security Advisories

SECURITY ADVISORIES

Maximum Severity SAP Vulnerability Exploited

CrushFTP Authentication Bypass