CVE-2019-1867 is a security flaw located in the REST API of Cisco Elastic Services Controller (ESC) that could allow an unauthenticated, remote attacker to bypass authentication on the REST API, as per the official advisory. Note that Cisco ESC is a popular enterprise software for managing virtualized resources, and the flaw should be addressed as soon as possible.
How Can CVE-2019-1867 Be Exploited?
First of all, the vulnerability is triggered by improper validation of API requests.
An attacker could exploit the flaw by sending a crafted request to the REST API. In case of a successful exploit, the attacker could be able to execute arbitrary code via the API with admin privileges on the vulnerable system.
Fortunately, Cisco has patched the vulnerability which received a 10.0 base CVSS score making it rather severe. The score comes from the fact that the bug can be exploited remotely, without the attacker having special privileges and without user interaction.
These conditions can lead to high impact on the system’s confidentiality, integrity and availability. To top that off, the exploit based on CVE-2019-1867 is not complex at all, and an attack is easy to carry out.
The vulnerability affects versions 4.1, 4.2, 4.3, and 4.4 of Cisco ESC software. The only condition is that the vulnerable REST API is enabled. To determine whether the REST API is enabled on the ESC virtual machine, administrators can use sudo netstat -tlnup | grep ‘8443|8080’ and refer to the output of the command, Cisco says.
It should also be noted that the flaw was discovered by Cisco during internal security testing and there is no indication of actual attacks in the wild.
Administrators should upgrade to Cisco Elastic Services Controller Release 4.5 to avoid any future exploits. There are no workarounds to address the vulnerability.