
Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

cisco-sa-20190507-esc-authbypass · Critical · Published · Updated

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2019-1867
Cisco Bug IDs: CSCvn82921
CVSS Score: Base 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco Elastic Services Controller

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
|---|---|---|---|---|
| Cisco Elastic Services Controller | known_affected | cisco_csaf | CVE-2019-1867 | 1 |

Related Products

| Product | CVE | Evidence |
|---|---|---|
| Cisco Elastic Services Controller | CVE-2019-1867 | Cisco OpenVuln |