Cisco Elastic Services Controller Software Vulnerability

Cisco Security Advisory: Cisco Elastic Services Controller Unauthorized Access Vulnerability

Advisory ID: cisco-sa-20170705-esc2

Revision: 1.0

For Public Release: 2017 July 5 16:00 GMT

Last Updated: 2017 July 5 16:00 GMT

CVE ID(s): CVE-2017-6713

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system.

The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
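
The summary's point about credentials shared between installations, as an added example that is not part of the Cisco advisory and is not ESC or Play Framework code. It assumes a generic HMAC-signed session token; the token layout, the install names and the `SHIPPED_DEFAULT` value are constructed for illustration, since the advisory does not describe the actual token format.

```python
import base64, hashlib, hmac, json, secrets
from collections import defaultdict

# Constructed stand-in for a secret baked into a shipped image (not a real value).
SHIPPED_DEFAULT = b"constructed-default-secret"

def sign(secret, claims):
    """Return 'payload.tag' (base64url), tagged with HMAC-SHA256 under secret."""
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return payload.decode() + "." + base64.urlsafe_b64encode(tag).decode()

def verify(secret, token):
    """Return the claims if the tag matches this install's secret, else None."""
    try:
        payload, tag = token.split(".")
        expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, base64.urlsafe_b64decode(tag)):
            return None
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # wrong field count, bad base64, bad JSON
        return None

def fingerprint(secret):
    """Truncated digest, so hosts can be compared without exchanging the secret."""
    return hashlib.sha256(secret).hexdigest()[:16]

def shared_secret_groups(fleet):
    """Return sorted groups of install names whose secrets are identical."""
    groups = defaultdict(list)
    for name, secret in fleet.items():
        groups[fingerprint(secret)].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def demo():
    claims = {"user": "admin", "role": "admin"}
    # Weak: every install runs with the secret shipped in the image.
    weak = {"install-a": SHIPPED_DEFAULT, "install-b": SHIPPED_DEFAULT}
    # Hardened: each install generates its own random secret at first boot.
    strong = {name: secrets.token_bytes(32) for name in weak}
    out = {}
    for label, fleet in (("weak", weak), ("strong", strong)):
        token = sign(fleet["install-a"], claims)  # issued by install-a
        out[label] = (verify(fleet["install-b"], token) is not None,
                      shared_secret_groups(fleet))
    return out

if __name__ == "__main__":
    print(demo())
```

In the weak fleet the token issued by one install verifies on the other and the audit groups both installs together; with per-install secrets neither happens.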
