Multiple vulnerabilities in Cisco Elastic Services Controller



Published: 2017-06-09
Risk: High
Patch available: YES
Number of vulnerabilities: 9
CVE-ID: CVE-2017-6693, CVE-2017-6691, CVE-2017-6689, CVE-2017-6688, CVE-2017-6684, CVE-2017-6683, CVE-2017-6682, CVE-2017-6696, CVE-2017-6697
CWE-ID: CWE-200, CWE-259, CWE-77
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Elastic Services Controller (Server applications / Remote management servers, RDP, SSH)
Vendor: Cisco Systems, Inc

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU6990

Risk: Low

CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6693

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists in the ConfD server component of Cisco Elastic Services Controllers due to insufficient protection of files stored in the file system. A local attacker can access and modify restricted files on the affected system.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76 - 2.3.1

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU6991

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6691

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers due to improper permissions that are set for certain files by the affected service. A remote attacker can access arbitrary files and conduct further attacks.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.3.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU6992

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6689

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers due to the existence of a default, weak, hard-coded password for the "admin" account of an affected system. A remote attacker can use Secure Shell (SSH) on TCP port 2024 and the default password to log in to the system as the "admin" user and gain "admin" privileges on the system.

Successful exploitation of the vulnerability results in "admin" access to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU6993

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6688

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in Cisco Elastic Services Controllers on Linux systems due to the existence of a default, weak, hard-coded password for the "root" account of an affected system. A remote attacker can use the default password to log in to the system as the Linux "root" user and gain "root" privileges on the system.

Successful exploitation of the vulnerability results in "root" access to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Privilege escalation

EUVDB-ID: #VU6994

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6684

CWE-ID: CWE-259 - Use of Hard-coded Password

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in Cisco Elastic Services Controllers on Linux systems due to the existence of a default, weak, hard-coded password for the "admin" account of an affected system. A remote attacker can use the default password to log in to the system as the Linux "admin" user and gain "admin" privileges on the system.

Successful exploitation of the vulnerability results in "admin" access to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Command injection

EUVDB-ID: #VU6995

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6683

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The weakness exists in the esc_listener.py script of Cisco Elastic Services Controllers due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. A remote attacker can send a specially crafted request to the monitoring daemon via TCP port 6000 and execute arbitrary commands as the tomcat user.

Successful exploitation of the vulnerability may result in system compromise.


Mitigation

Install update from vendor's website.
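
An added exposure check (not part of the original bulletin or the vendor advisory): it scans `ss -tln` output for the two TCP ports this bulletin names, 2024 (ConfD CLI SSH) and 6000 (monitoring daemon), and reports any that are bound beyond loopback. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Ports named in this bulletin: ConfD CLI SSH (CVE-2017-6689) and the
# monitoring daemon (CVE-2017-6683).
ESC_PORTS = {2024: "ConfD CLI SSH (CVE-2017-6689)",
             6000: "monitoring daemon (CVE-2017-6683)"}

# Constructed sample of `ss -tln` output; not captured from a real ESC host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     0.0.0.0:2024        0.0.0.0:*
LISTEN  0       50      127.0.0.1:6000      0.0.0.0:*
LISTEN  0       50      [::]:6000           [::]:*
LISTEN  0       100     *:8443              *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' as printed by ss, including '[v6]:port' and '*:port'."""
    addr, _, port = endpoint.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop brackets and any %iface scope
    return addr, int(port)

def is_loopback_only(addr):
    """True only when the bind address cannot be reached from another host."""
    if addr in ("*", ""):
        return False                        # wildcard: all interfaces
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                        # unparseable: treat as exposed

def exposed_esc_listeners(ss_output):
    """Return [(port, bind_addr, service)] for ESC ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                        # header or non-listening socket
        addr, port = split_endpoint(fields[3])
        if port in ESC_PORTS and not is_loopback_only(addr):
            findings.append((port, addr, ESC_PORTS[port]))
    return findings

if __name__ == "__main__":
    for port, addr, service in exposed_esc_listeners(SAMPLE_SS):
        print(f"tcp/{port} bound to {addr}: {service} reachable off-host")
```

A listener flagged here still needs a firewall or security-group review to decide whether the port is reachable from untrusted networks.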

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Command injection

EUVDB-ID: #VU6996

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6682

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers on Linux systems due to insufficient sanitization of commands that are permitted to run from the ConfD CLI of an affected system. A remote attacker can break from the restricted shell of the ConfD CLI of an affected system and run arbitrary commands as the Linux tomcat user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU6997

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6696

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists in the file system of Cisco Elastic Services Controllers due to insufficient access control to the credential repository on an affected system. A local attacker can use a command line to retrieve sensitive credentials.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.3.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU6998

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6697

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists in the web interface of Cisco Elastic Services Controllers due to insufficient access control to the credential repository on an affected system. A remote attacker can access the web user interface and retrieve sensitive system credentials.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Elastic Services Controller: 2.2.9.76

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc9


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


