Critical flaw allows attackers to take over Cisco Elastic Services Controllers
2019-05-08 08:29

Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), popular enterprise software for managing virtualized resources.

About the vulnerability (CVE-2019-1867)

“The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system,” …

The post Critical flaw allows attackers to take over Cisco Elastic Services Controllers appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Nm00Fdge6vQ/

Related Vulnerability

DATE: 2019-05-10
CVE: CVE-2019-1867
VULNERABILITY TITLE: Improper Authentication vulnerability in Cisco Elastic Services Controller
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API.
network, low complexity, cisco, CWE-287
RISK: critical (10.0)

Related vendor

VENDOR   #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Cisco    2046        21   1773    1669  288       3751
Elastic  29          6    84      50    9         149