SB2017060901 - Multiple vulnerabilities in Cisco Elastic Services Controller




Published: June 9, 2017

Security Bulletin ID: SB2017060901
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 22%, Low: 78%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-6693)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists in the ConfD server component of Cisco Elastic Services Controllers due to insufficient protection of files stored in the file system. A local attacker can access and modify restricted files on the affected system.

Successful exploitation of the vulnerability results in information disclosure.

2) Information disclosure (CVE-ID: CVE-2017-6691)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers due to improper permissions that are set for certain files by the affected service. A remote attacker can access arbitrary files and conduct further attacks.

Successful exploitation of the vulnerability results in information disclosure.


3) Privilege escalation (CVE-ID: CVE-2017-6689)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers due to the existence of a default, weak, hard-coded password for the "admin" account of an affected system. A remote attacker can use Secure Shell (SSH) on TCP port 2024 and the default password to log in to the system as the "admin" user and gain "admin" privileges on the system.

Successful exploitation of the vulnerability results in "admin" access to the system.

4) Privilege escalation (CVE-ID: CVE-2017-6688)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in Cisco Elastic Services Controllers on Linux systems due to the existence of a default, weak, hard-coded password for the "root" account of an affected system. A remote attacker can use the default password to log in to the system as the Linux "root" user and gain "root" privileges on the system.

Successful exploitation of the vulnerability results in "root" access to the system.

5) Privilege escalation (CVE-ID: CVE-2017-6684)

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The weakness exists in Cisco Elastic Services Controllers on Linux systems due to the existence of a default, weak, hard-coded password for the "admin" account of an affected system. A remote attacker can use the default password to log in to the system as the Linux "admin" user and gain "admin" privileges on the system.

Successful exploitation of the vulnerability results in "admin" access to the system.

6) Command injection (CVE-ID: CVE-2017-6683)

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The weakness exists in the esc_listener.py script of Cisco Elastic Services Controllers due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. A remote attacker can send a specially crafted request to the monitoring daemon via TCP port 6000 and execute arbitrary commands as the tomcat user.

Successful exploitation of the vulnerability may result in system compromise.



7) Command injection (CVE-ID: CVE-2017-6682)

The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.

The weakness exists in the ConfD CLI of Cisco Elastic Services Controllers on Linux systems due to insufficient sanitization of commands that are permitted to run from the ConfD CLI of an affected system. A remote attacker can break from the restricted shell of the ConfD CLI of an affected system and run arbitrary commands as the Linux tomcat user.

Successful exploitation of the vulnerability may result in system compromise.


8) Information disclosure (CVE-ID: CVE-2017-6696)

The vulnerability allows a local authenticated attacker to obtain potentially sensitive information.

The weakness exists in the file system of Cisco Elastic Services Controllers due to insufficient access control to the credential repository on an affected system. A local attacker can use a command line to retrieve sensitive credentials.

Successful exploitation of the vulnerability results in information disclosure.

9) Information disclosure (CVE-ID: CVE-2017-6697)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The weakness exists in the web interface of Cisco Elastic Services Controllers due to insufficient access control to the credential repository on an affected system. A remote attacker can access the web user interface and retrieve sensitive system credentials.

Successful exploitation of the vulnerability results in information disclosure.

Remediation

Install the update from the vendor's website.
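
Two of the issues above name a network listener: SSH to the ConfD CLI on TCP port 2024 (CVE-2017-6689) and the monitoring daemon on TCP port 6000 (CVE-2017-6683). The following added example, which is not part of the bulletin or of any Cisco tooling, parses `ss -Htln` output from a host and reports whether those listeners are bound to loopback only; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

# Ports and CVE IDs exactly as given in the bulletin text above.
ESC_PORTS = {
    2024: ("ConfD CLI over SSH", "CVE-2017-6689"),
    6000: ("monitoring daemon (esc_listener.py)", "CVE-2017-6683"),
}

def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    if host == "*":                            # ss prints * for a wildcard bind
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                           # unparseable: report as not loopback

def audit_listeners(ss_output):
    """Return (port, bind_address, service, cve, non_loopback) per listener."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")   # "Local Address:Port" column
        if not port.isdigit() or int(port) not in ESC_PORTS:
            continue
        service, cve = ESC_PORTS[int(port)]
        findings.append((int(port), host, service, cve, not is_loopback(host)))
    return findings

# Constructed sample of `ss -Htln` output, not captured from a real system.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:2024 0.0.0.0:*
LISTEN 0 50 127.0.0.1:6000 0.0.0.0:*
LISTEN 0 128 [::]:2024 [::]:*
LISTEN 0 100 *:8443 *:*
"""

if __name__ == "__main__":
    for port, host, service, cve, non_loopback in audit_listeners(SAMPLE):
        state = "not loopback-only" if non_loopback else "loopback only"
        print(f"tcp/{port} {service} on {host}: {state} ({cve})")
```

A non-loopback bind shows only how the socket is bound on the host; a host firewall or network ACL in front of it is outside what this check sees.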