Critical Vulnerability in Cisco Elastic Services Controller

Cisco released a new security update with the fixes for a critical vulnerability that resides in the Cisco Elastic Services Controller REST API let attackers full control of the system remotely.

Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to automate the deployment and monitoring of functions running on their virtual environments.

This critical vulnerability affected the Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when REST API is enabled and it’s disabled by default.

- Advertisement -

Vulnerability main affected the Cisco Elastic Controller due to the improper validation API requests.

A successful exploit of this vulnerability let an attacker execute arbitrary actions through the REST API with administrative privileges on an affected system.

You can check the table that determines the vulnerable version of
Cisco Elastic Services Controller and this vulnerability is fixed in Cisco Elastic Services Controller Release 4.5, According to the Cisco report.

Cisco Elastic Services Controller Major Release	Software Releases with Available Patch
Prior to 4.1	Not vulnerable
4.1	4.1.0.100 4.1.0.111
4.2	4.2.0.74 4.2.0.86
4.3	4.3.0.121 4.3.0.128 4.3.0.134 4.3.0.135
4.4	4.4.0.80 4.4.0.82 4.4.0.86
4.5	Not vulnerable

Check Whether the REST API Is Enabled

Administrators can check whether the REST API is enabled or not by
by running the following command on the ESC virtual machine

sudo netstat -tlnup | grep '8443|8080'

Once the command will be successfully executed, The following example shows the output of the command for a machine that has the REST API service enabled on port 8443.

~/# sudo netstat -tlnup | grep '8443|8080'
.
.
.
tcp6  0  0 :::8443        :::*  LISTEN 2557/java

This vulnerability was found during internal security testing. CVE-2019-1867 is assigned for this vulnerability.

Also Read:

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Critical Vulnerability in Cisco Elastic Services Controller Let Hackers Take Full Control of the System Remotely

Defend malware Attacks

Check Whether the REST API Is Enabled

Latest articles

Evasive Panda Attacking Cloud Services To Steal Data Using New Toolkit

Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

Chinese Hackers Attacking Microsoft Customers With Sophisticated Password Spray Attacks

Free Webinar

Protect Websites & APIs from Malware Attack

Discussion points

More like this

New RansomHub Attack Killing Kaspersky’s TDSSKiller To Disable EDR

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Researchers Details Attacks On Air-Gaps Computers To Steal Data

How To Access Dark Web Anonymously and know its Secretive and Mysterious Activities

How to Build and Run a Security Operations Center (SOC Guide) – 2023

Network Penetration Testing Checklist – 2024