CVE-2019-1867: Highly Critical Bug in Cisco Elastic Services Controller
NEWS

CVE-2019-1867: Highly Critical Bug in Cisco Elastic Services Controller


Cisco has patched yet another critical vulnerability outlined as CVE-2019-1867.

CVE-2019-1867 is a security flaw located in the REST API of Cisco Elastic Services Controller (ESC) that could allow an unauthenticated, remote attacker to bypass authentication on the REST API, as per the official advisory. Note that Cisco ESC is a popular enterprise software for managing virtualized resources, and the flaw should be addressed as soon as possible.




How Can CVE-2019-1867 Be Exploited?

First of all, the vulnerability is triggered by improper validation of API requests.

An attacker could exploit the flaw by sending a crafted request to the REST API. In case of a successful exploit, the attacker could be able to execute arbitrary code via the API with admin privileges on the vulnerable system.

Fortunately, Cisco has patched the vulnerability which received a 10.0 base CVSS score making it rather severe. The score comes from the fact that the bug can be exploited remotely, without the attacker having special privileges and without user interaction.

Related:
A new critical flaw, CVE-2019-1663 in Cisco wireless VPN and firewall routers was just reported. Businesses should update immediately to protect against it.
CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers.

These conditions can lead to high impact on the system’s confidentiality, integrity and availability. To top that off, the exploit based on CVE-2019-1867 is not complex at all, and an attack is easy to carry out.

The vulnerability affects versions 4.1, 4.2, 4.3, and 4.4 of Cisco ESC software. The only condition is that the vulnerable REST API is enabled. To determine whether the REST API is enabled on the ESC virtual machine, administrators can use sudo netstat -tlnup | grep ‘8443|8080’ and refer to the output of the command, Cisco says.

It should also be noted that the flaw was discovered by Cisco during internal security testing and there is no indication of actual attacks in the wild.

Administrators should upgrade to Cisco Elastic Services Controller Release 4.5 to avoid any future exploits. There are no workarounds to address the vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...