CVE-2019-1867

Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

CVSS 10 CRITICALEPSS 30.3%CWE-287

Vexday Risk Score

40Atenção

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 10EPSS 30.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

10 mai 2019Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Produtos afetados

Cisco · Cisco Elastic Services Controller

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass