SB2017070609 - Two vulnerabilities in Cisco Elastic Services Controller
Published: July 6, 2017
Security Bulletin ID
SB2017070609
CSH Severity
High
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2017-6713)
CWE-ID: CWE-255 - Credentials Management
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists in the Play Framework of Cisco Elastic Services Controller (ESC) due to static, default credentials for the Cisco ESC UI that are shared between installations. A remote attacker who can extract the static credentials from an existing installation of Cisco ESCcan generate an admin session token and access all instances of the ESC web UI.
Successful exploitation of the vulnerability results in full access to the system.
2) OS command injection (CVE-ID: CVE-2017-6712)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
The vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists in certain commands of Cisco Elastic Services Controller. A remote attacker can overwrite any file on the filesystem, gain root privileges and run dangerous shell commands on the server.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.