Cisco Virtual Managed Services vulnerabilities

CVE-2018-0121 [CRITICAL] CWE-287 CVE-2018-0121: A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that a

CVE-2018-0130 [CRITICAL] CWE-264 CVE-2018-0130: A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Servi A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static default credentials for the web-based service portal of the affected softwa