Jump to content

- - - - -

Cisco Fixes Critical Vulnerability in Elastic Services Controller

  • You cannot start a new topic
  • Please log in to reply
No replies to this topic

#1 Scorpion


    Advanced Member

  • Administrators
  • 96 posts
  • LocationScorpionsMaze

Posted 07 May 2019 - 09:10 PM

Cisco today released security updates for a critical vulnerability affecting its Elastic Services Controller (ESC). An unauthenticated, remote attacker could exploit the flaw on deployments that have REST API enabled.

Cisco ESC enables management of Virtual Network Functions, a virtualized method for designing, launching, and handling network services.

By default, it comes with the REST API disabled, but it required for interaction with the top orchestration layer.

Getting admin privileges

The security issue is now identified as CVE-2019-1867 and its cause is improper validation of API requests. As such, it can be exploited by sending specially crafted requests to the REST API.

An attacker leveraging it successfully can bypass authentication on the REST API and run arbitrary actions with administrative privileges.

The severity as calculated using version 3.0 of the Common Vulnerability Scoring System (CVSS) is 10, a perfect score, because exploitation is possible over the network and requires no privileges or user interaction.

All instances of Cisco ESC running major versions of Software Release 4.1, 4.2, 4.3, or 4.4 are vulnerable. The company rolled out patches for each of them.

Patching seems to be the only solution to deal with the vulnerability as Cisco gave no workaround alternatives.

Check the state of REST API

Administrators can check if the web service is turned on by running the following command on the ESC virtual machine:

sudo netstat -tlnup | grep '8443|8080'

A machine with the service enabled on port 8443 will provide the following response:

~/# sudo netstat -tlnup | grep '8443|8080'
tcp6  0  0 :::8443        :::*  LISTEN 2557/java   

According to the security advisory, the vulnerability was found internally during security testing and there is no evidence that the glitch has been exploited in the wild.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users