Critical Vulnerability in Cisco Elastic Services Let Hackers take Full Control of the System Remotely

Cisco Elastic Services

Cisco Elastic Services

This critical vulnerability affected the Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when REST API is enabled and it’s disabled by default.

Vulnerability main affected the Cisco Elastic Controller due to the improper validation API requests.

A successful exploit of this vulnerability let an attacker execute arbitrary actions through the REST API with administrative privileges on an affected system.

You can check the table that determines the vulnerable version of
Cisco Elastic Services Controller and this vulnerability are fixed in Cisco Elastic Services Controller Release 4.5, According to the Cisco report.

Cisco Elastic Services Controller Major Release Software Releases with Available Patch
Prior to 4.1 Not vulnerable
4.1 4.1.0.100
4.1.0.111
4.2 4.2.0.74
4.2.0.86
4.3 4.3.0.121
4.3.0.128
4.3.0.134
4.3.0.135
4.4 4.4.0.80
4.4.0.82
4.4.0.86
4.5 Not vulnerable

Check Whether the REST API Is Enabled

Administrators can check whether the REST API is enabled or not by
by running the following command on the ESC virtual machine

sudo netstat -tlnup | grep '8443|8080'

Once the command will be successfully executed, The following example shows the output of the command for a machine that has the REST API service enabled on port 8443.

~/# sudo netstat -tlnup | grep '8443|8080'
.
.
.
tcp6  0  0 :::8443        :::*  LISTEN 2557/java 

This vulnerability was found during internal security testing. CVE-2019-1867 is assigned for this vulnerability.

Also Read: