#VU10696 Privilege escalation in Elastic Services Controller
Vulnerability identifier: #VU10696
Vulnerability risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Elastic Services Controller
Server applications /
Remote management servers, RDP, SSH
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The weakness exists in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software due to improper security restrictions that are imposed by the web-based service portal. A remote attacker can submit an empty password value to an affected portal when prompted to enter an administrative password for the portal, bypass authentication and gain administrator privileges for the web-based service portal.
Mitigation
Update to version 3.1(0.116).
Vulnerable software versions
Elastic Services Controller: 3.0.0
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
