Executive Summary
Summary | |
---|---|
Title | Cisco Elastic Services Controller Unauthorized Access Vulnerability |
Information | |||
---|---|---|---|
Name | cisco-sa-20170705-esc2 | First vendor Publication | 2017-07-05 |
Vendor | Cisco | Last vendor Modification | 2017-07-05 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-770 | Allocation of Resources Without Limits or Throttling |
CPE : Common Platform Enumeration
Alert History
Date | Information |
---|---|
2017-07-07 21:24:49 | |
2017-07-06 09:24:47 | |
2017-07-06 00:22:11 | |