Static Credential Flaw in Cisco Elastic Services Controller
CVE-2017-6713
9.8 CRITICAL
Summary
A static credential flaw in the Cisco Elastic Services Controller (ESC) enables remote attackers to exploit shared default credentials. With these credentials, an unauthorized user can generate valid admin session tokens, which grant unrestricted access to the ESC web UI across all installations. Installations running versions prior to 2.3.1.434 and 2.3.2 are especially at risk, as they may expose sensitive system functionality to attackers. Organizations using Cisco ESC should update their systems to mitigate this risk.
Affected Version(s)
Cisco Elastic Services Controller
References
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved