Command injection in Elastic Services Controller - CVE-2017-6683
Published: June 9, 2017
Vulnerability identifier: #VU6995
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Amber
CVE-ID: CVE-2017-6683
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software: Elastic Services Controller
Detailed vulnerability description
The vulnerability allows a remote authenticated attacker to execute arbitrary commands on the target system.
The weakness exists in the esc_listener.py script of Cisco Elastic Services Controller due to insufficient sanitization of arguments that are passed while authenticating to the monitoring daemon on an affected system. A remote attacker can send a specially crafted request to the monitoring daemon via TCP port 6000 and execute arbitrary commands as the tomcat user.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6683
Install the update from the vendor's website.