Cisco Elastic Services Controller Elevation of Privilege Vulnerability

Cisco Elastic Services Controller ESC is an open source modular system from Cisco USA. An arbitrary command execution vulnerability exists in Cisco ESC versions prior to 2.3.1.434 and prior to 2.3.2, which originates from a tomcat user on the system that can overwrite arbitrary files on the file...

CVE-2017-6712

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing th...