Critical flaw allows attackers to take over Cisco Elastic Services Controllers

Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), a popular enterprise software for managing virtualized resources.

Cisco Elastic Services Controller Architecture

About the vulnerability (CVE-2019-1867)

“The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system,” Cisco explains.

CVE-2019-1867 has received a “perfect” 10.0 base CVSS score due to the fact that it can be exploited remotely, without the attacker having special privileges and without user interaction, and has a high impact on the system’s confidentiality, integrity and availability. In addition, the attack is easy to perform, as its complexity is low.

The vulnerability affects versions 4.1, 4.2, 4.3, and 4.4 of Cisco Elastic Services Controller (ESC), but only if the vulnerable REST API is enabled – and it’s not by default. Nevertheless, it’s likely that many users have it enabled.

More good news: the flaw was discovered by Cisco during internal security testing, and there is no indication that it is currently being exploited in the wild.

Administrators are advised to upgrade to Cisco Elastic Services Controller Release 4.5 to plug the hole.
