Lucene search
K
CiscoElastic Services Controller

19 matches found

CVE
CVE
added 2017/08/17 8:0 p.m.68 views

CVE-2017-6786

A vulnerability in Cisco Elastic Services Controller (ESC) allows an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, due to improper protection of sensitive log files. An attacker can log in to an affected ESC and access unpr...

6.3CVSS6.2AI score0.00299EPSS
CVE
CVE
added 2019/05/10 12:5 p.m.65 views

CVE-2019-1867

CVE-2019-1867 affects Cisco Elastic Services Controller (ESC) REST API authentication; an unauthenticated, remote attacker could bypass REST API authentication due to improper validation of API requests, potentially executing arbitrary actions with administrative privileges. Exploitable on ESC re...

10CVSS9.8AI score0.30342EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.60 views

CVE-2017-6776

CVE-2017-6776 affects Cisco Elastic Services Controller (ESC) web framework. It allows an unauthenticated, remote attacker to perform cross-site scripting (XSS) by abusing insufficient validation of user-supplied input. Exploitation could execute arbitrary script code or access browser-based info...

6.1CVSS6AI score0.00868EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.57 views

CVE-2017-6696

Cisco Elastic Services Controller (ESC) contains an information-disclosure vulnerability in its file-system credential repository. An authenticated, local attacker could access sensitive user credentials stored on an affected system due to insufficient access control over the credential repositor...

5.5CVSS5.5AI score0.00307EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.53 views

CVE-2017-6688

CVE-2017-6688 affects Cisco Elastic Services Controller (ESC). A vulnerability exists due to an insecure default password for the Linux root account, enabling an authenticated, remote attacker to log in as root on an affected ESC instance. Known affected release: 2.2(9.76). Cisco Security Advisor...

9CVSS8.4AI score0.02276EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.52 views

CVE-2017-6772

CVE-2017-6772 affects Cisco Elastic Services Controller (ESC) v2.3(2). A vulnerability causes information disclosure due to insufficient protection of sensitive data. An authenticated, remote attacker can view sensitive system configuration files by logging in and navigating to certain configurat...

4.3CVSS4.6AI score0.00941EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.51 views

CVE-2017-6691

CVE-2017-6691 affects Cisco Elastic Services Controller (ESC) and its ConfD CLI. The issue arises from improper permissions on certain files in the affected service, enabling an authenticated, remote attacker to access sensitive information on the system. Affected release noted: ESC 2.3(2). Cisco...

6.5CVSS6.3AI score0.01203EPSS
CVE
CVE
added 2021/01/20 8:1 p.m.49 views

CVE-2021-1312

Cisco Elastic Services Controller (ESC) is affected by CVE-2021-1312, a DoS in the system resource management that can be triggered by a flood of crafted TCP packets to block TCP listen ports used by the health monitor API. The root cause is inadequate provisioning of kernel parameters for the ma...

7.5CVSS6AI score0.02524EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.48 views

CVE-2017-6683

CVE-2017-6683 affects Cisco Elastic Services Controller, specifically the esc_listener.py script. An authenticated, remote attacker could execute arbitrary commands as the tomcat user due to insufficient sanitization of arguments during authentication to the monitoring daemon (port 6000). Affecte...

9CVSS9.1AI score0.05856EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.48 views

CVE-2017-6689

CVE-2017-6689 is a Cisco Elastic Services Controller vulnerability affecting the ConfD CLI, caused by a default, hard-coded admin password. An authenticated remote attacker could log in as admin (SSH port 2024) on affected systems. Known affected release: 2.2(9.76). Cisco advisory notes there are...

8.8CVSS8.5AI score0.01499EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.48 views

CVE-2017-6697

Cisco Elastic Services Controller (ESC) Web Interface Information Disclosure vulnerability (CVE-2017-6697) allows an authenticated, remote attacker to access sensitive system credentials stored in an affected ESC web interface. Root cause: insufficient access control to the credential repository ...

6.5CVSS6.4AI score0.01203EPSS
CVE
CVE
added 2018/02/22 12:0 a.m.47 views

CVE-2018-0121

Cisco Elastic Services Controller Software Release 3.0.0 contains an authentication bypass in the web-based service portal. The issue arises from improper security restrictions in the portal, allowing an unauthenticated remote attacker to bypass authentication by submitting an empty password valu...

9.8CVSS10AI score0.02562EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.46 views

CVE-2017-6682

CVE-2017-6682 affects Cisco Elastic Services Controller (ESC) where the ConfD CLI allows an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user due to insufficient sanitization of allowed ConfD CLI commands. Affected release noted: 2.2(9.76). The issue enables comman...

8.8CVSS8.6AI score0.02207EPSS
CVE
CVE
added 2017/07/06 12:0 a.m.46 views

CVE-2017-6712

CVE-2017-6712 affects Cisco Elastic Services Controller (ESC) prior to releases 2.3.1.434 and 2.3.2. The root cause is a misconfiguration allowing a "tomcat" user to execute shell commands, enabling arbitrary file overwrites and privilege escalation to root. Documents consistently describe an aut...

9CVSS8.6AI score0.02046EPSS
CVE
CVE
added 2017/07/06 12:0 a.m.46 views

CVE-2017-6713

CVE-2017-6713 affects Cisco Elastic Services Controller (ESC) where the Play Framework UI uses static, default credentials shared across installations. The root cause is these credentials enabling an unauthenticated attacker to generate an admin session token and gain full web UI access. Affected...

10CVSS9.5AI score0.02927EPSS
CVE
CVE
added 2017/08/17 8:0 p.m.46 views

CVE-2017-6777

The CVE-2017-6777 vulnerability affects Cisco Elastic Services Controller (ESC) in the ConfD server component, where insufficient protection of sensitive files allows an authenticated remote attacker to view configuration parameters and obtain sensitive system information. Affected releases are 2...

4.9CVSS5.1AI score0.01216EPSS
CVE
CVE
added 2018/01/18 6:0 a.m.46 views

CVE-2018-0106

CVE-2018-0106 affects the Cisco Elastic Services Controller (ESC) and its embedded ConfD server . The vulnerability is due to insufficient security restrictions in the ConfD directory/file structure, enabling an unauthenticated, local attacker to view sensitive information on the targeted system....

3.3CVSS3.7AI score0.00296EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.44 views

CVE-2017-6684

Cisco Elastic Services Controller (ESC) contains an insecure default credentials vulnerability. An authenticated attacker could log in as the Linux admin user due to a default, weak, hard-coded password. Affected release: 21.0.0. The Cisco advisory notes there are no workarounds; it does not spec...

9CVSS8.4AI score0.02276EPSS
CVE
CVE
added 2017/06/13 6:0 a.m.44 views

CVE-2017-6693

CVE-2017-6693 concerns the Cisco Elastic Services Controller (ESC) ConfD server component. The issue allows an authenticated, local attacker to access information stored on the file system of an affected system (Unauthorized Directory Access). Affected releases are reported as 2.2(9.76) and 2.3(1...

5.5CVSS5.2AI score0.00275EPSS