CVE-2018-0121

CWE-287 — Improper Authentication4 documents4 sources

Severity

9.8CRITICAL

EPSS

3.6%

top 12.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Elastic Services Controller Cisco Virtual Managed Services

Timeline

PublishedFeb 22

Latest updateMay 13

Description

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password val…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5cisco_elastic_services_controllerCisco Elastic Services Controller

▶NVDcisco/elastic_services_controller3.0.0

▶NVDcisco/virtual_managed_services3.0

🔴Vulnerability Details

GHSA

GHSA-7h7w-c9m3-p7hv: A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unaut↗2022-05-13

▶

CVEList

CVE-2018-0121: A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unaut↗2018-02-22

▶

📋Vendor Advisories

Cisco

Cisco Elastic Services Controller Service Portal Authentication Bypass Vulnerability↗2018-02-21

▶