Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability
CVE-2019-1867

10CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Elastic Services Controller
Vendor: CVE Published:; 10 May 2019

Badges

👾 Exploit Exists

Summary

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

Affected Version(s)

Cisco Elastic Services Controller < 4.1.0.100

Cisco Elastic Services Controller < 4.2.0.74

Cisco Elastic Services Controller < 4.3.0.121

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 10, 2019
Vulnerability Reserved
Dec 6, 2018