CRITICAL✓ PATCH🇬🇧 English

CVE-2019-1867

CVSS 10.0v3.0pub. 2019-05-10upd. 2024-11-21

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Elastic Services Controller

    APP
    Cisco
    4.1 – 4.5 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2018-0121CRITICAL9.8ten sam produkt

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services ...

CVE-2017-6713CRITICAL9.8ten sam produkt

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticate...

CVE-2017-6712HIGH8.8ten sam produkt

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote ...

CVE-2017-6684HIGH8.8ten sam produkt

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in ...

CVE-2017-6689HIGH8.8ten sam produkt

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote at...

CVE-2019-1867 — CRITICAL 10.0 | CVEbaza.pl