CVE-2018-0130
published 2018-02-22CVE-2018-0130: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
2.00%
78.3th percentile
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg30884.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | elastic_services_controller_service_portal_unauthorized_access | — | — |
| cisco | virtual_managed_services | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability involves static default credentials embedded in the Cisco Elastic Services Controller software image used to sign/generate JSON web tokens (JWTs) for the web-based service portal. Detect unauthorized administrative sessions by monitoring for JWT tokens generated with static/default signing credentials on the ESC service portal. ↗
- →Scope detection to Cisco Elastic Services Controller Software Release 3.0.0 specifically, as this is the only confirmed affected version. ↗
- ·No workarounds are available for this vulnerability; only the vendor-released software update remediates it. Detection must rely on monitoring for exploitation rather than configuration mitigation. ↗
- ·The static credentials are embedded within the software image itself, meaning any installation of ESC 3.0.0 shares the same default JWT signing secret, making cross-instance token forgery trivially possible for any attacker who has access to the image. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_cisco7.3HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p3xr-xw6j-mjf8: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthentic
ghsa_unreviewed·2022-05-13
CVE-2018-0130 [CRITICAL] CWE-1188 GHSA-p3xr-xw6j-mjf8: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthentic
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the web-based service portal of an affected system. This vulnerability affects Cisco Elast
Cisco
Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
vendor_cisco·2018-02-21·CVSS 7.3
CVE-2018-0130 [HIGH] CWE-264 Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system.
The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative access to the w
Cisco
Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
vendor_cisco·CVSS 3.0
CVE-2018-0130 Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
CVE-2018-0130: Cisco Elastic Services Controller Service Portal Unauthorized Access Vulnerability
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected software. An attacker could exploit this vulnerability by extracting the credentials from an image of the affected software and using those credentials to generate a valid administrative session token for the web-based service portal of any other installation of the affected software. A successful exploit could allow the attacker to gain administrative ac
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-02-22
Published