Critical vulnerability in Cisco Elastic Services Controller.

News by Doug Olenick

Cisco has released a security advisory for a critical authentication bypass vulnerability in the REST API of Cisco Elastic Services Controller.

The flaw, CVE-2019-1867, could allow an unauthenticated, remote attacker to bypass authentication on the REST API, the company reported. The problem is caused by improper validation of API requests and can be exploited with a crafted request to the REST API, giving an attacker the ability to execute arbitrary actions with administrative privileges.

Cisco Elastic Services Controller installations running Software Release 4.1, 4.2, 4.3, or 4.4 are affected by this vulnerability when the REST API is enabled. Cisco has released an update to address the issue, but also noted that no workarounds are currently available.

This article was originally published on SC Media US.
