Vulnslist

find the latest Cisco vulnerabilities

Cisco Elastic Services Controller Authentication Request Processing Arbitrary Command Execution Vulnerability

cisco-sa-20170607-esc2 · Medium · Published · Updated

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system. The vulnerability is due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the monitoring daemon via TCP port 6000 on an affected system. A successful exploit could allow the attacker to execute arbitrary commands as the tomcat user on the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-6683
Cisco Bug IDsCSCvc76642
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Elastic Services Controller

Related Products

Product CVE Evidence