CVE-2019-1867

CWE-287Improper Authentication4 documents4 sources
Severity
10.0CRITICAL
EPSS
17.3%
top 4.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Elastic Services ControllerCisco Elastic Services Controller
Timeline
PublishedMay 10
Latest updateMay 24

Description

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5cisco/cisco_elastic_services_controllerunspecified4.1.0.100+3

🔴Vulnerability Details

2
GHSA
GHSA-gfx3-865x-23hf: A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on2022-05-24
CVEList
Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability2019-05-10

📋Vendor Advisories

1
Cisco
Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability2019-05-07
CVE-2019-1867 (CRITICAL CVSS 10) | A vulnerability in the REST API of | cvebase.io