Report incident

Security Alerts

Vulnerability Alert - Cisco Elastic Services Controller

type Vulnerabilities
Systems AffectedCisco Elastic Services Controller running on version 4.1, 4.2, 4.3 or 4.4 with REST API enabled.
System Applications

Description

It was found a vulnerability in the REST API that could be exploited by sending a crafted request without authentication.
This vulnerability can be exploited due to improper validation of API requests.

impact

This vulnerability allows an attacker to execute arbitrary code with administrative privileges on an affected system through REST API.

Resolution

Update Cisco Elastic Services Controller to version 4.5.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass