Vulnerabilities > Cisco > Elastic Services Controller > 2.2.9.76

DATE CVE VULNERABILITY TITLE RISK
2017-08-17 CVE-2017-6786 Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system.
local
low complexity
cisco CWE-200
6.3
2017-08-17 CVE-2017-6776 Cross-site Scripting vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1)
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.
network
low complexity
cisco CWE-79
6.1
2017-06-13 CVE-2017-6697 Information Exposure vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system.
network
low complexity
cisco CWE-200
6.5
2017-06-13 CVE-2017-6693 Missing Authorization vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1)
A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access.
local
low complexity
cisco CWE-862
5.5
2017-06-13 CVE-2017-6689 Insecure Default Initialization of Resource vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability.
network
low complexity
cisco CWE-1188
8.8
2017-06-13 CVE-2017-6688 Insecure Default Initialization of Resource vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability.
network
low complexity
cisco CWE-1188
8.8
2017-06-13 CVE-2017-6683 OS Command Injection vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability.
network
low complexity
cisco CWE-78
8.8
2017-06-13 CVE-2017-6682 OS Command Injection vulnerability in Cisco Elastic Services Controller 2.2(9.76)
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system.
network
low complexity
cisco CWE-78
8.8