Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability
CVE-2019-1867

10CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Elastic Services Controller
Vendor: CVE Published:; 10 May 2019

Badges

👾 Exploit Exists🟣 EPSS 21%

What is CVE-2019-1867?

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Cisco Elastic Services Controller < 4.1.0.100

Cisco Elastic Services Controller < 4.2.0.74

Cisco Elastic Services Controller < 4.3.0.121

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

EPSS Score

21% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 4, 2024
Vulnerability published
May 10, 2019
Vulnerability Reserved
Dec 6, 2018

JSON

Cisco

Badges

What is CVE-2019-1867?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.