Thursday, June 20, 2024

Critical Vulnerability in Cisco Elastic Services Controller Let Hackers Take Full Control of the System Remotely

Cisco released a new security update with the fixes for a critical vulnerability that resides in the Cisco Elastic Services Controller REST API let attackers full control of the system remotely.

Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to automate the deployment and monitoring of functions running on their virtual environments.

This critical vulnerability affected the Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when REST API is enabled and it’s disabled by default.

Vulnerability main affected the Cisco Elastic Controller due to the improper validation API requests.

A successful exploit of this vulnerability let an attacker execute arbitrary actions through the REST API with administrative privileges on an affected system.

You can check the table that determines the vulnerable version of
Cisco Elastic Services Controller and this vulnerability is fixed in Cisco Elastic Services Controller Release 4.5, According to the Cisco report.

Cisco Elastic Services Controller Major ReleaseSoftware Releases with Available Patch
Prior to 4.1
Not vulnerable
4.14.1.0.100
4.1.0.111
4.24.2.0.74
4.2.0.86
4.34.3.0.121
4.3.0.128
4.3.0.134
4.3.0.135
4.44.4.0.80
4.4.0.82
4.4.0.86
4.5Not vulnerable

Check Whether the REST API Is Enabled

Administrators can check whether the REST API is enabled or not by
by running the following command on the ESC virtual machine

sudo netstat -tlnup | grep '8443|8080'

Once the command will be successfully executed, The following example shows the output of the command for a machine that has the REST API service enabled on port 8443.

~/# sudo netstat -tlnup | grep '8443|8080'
.
.
.
tcp6  0  0 :::8443        :::*  LISTEN 2557/java 

This vulnerability was found during internal security testing. CVE-2019-1867 is assigned for this vulnerability.

Also Read:

Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Website

Latest articles

1inch partners with Blockaid to enhance Web3 security through the 1inch Shield

1inch, a leading DeFi aggregator that provides advanced security solutions to users across the...

Hackers Exploit Progressive Web Apps to Steal Passwords

In a concerning development for cybersecurity, hackers are increasingly leveraging Progressive Web Apps (PWAs)...

INE Security: Optimizing Teams for AI and Cybersecurity

2024 is rapidly shaping up to be a defining year in generative AI. While...

Threat Actor Claims Breach of Jollibee Fast-Food Gaint

A threat actor has claimed responsibility for breaching the systems of Jollibee Foods Corporation,...

Threat Actors Claiming Breach of Accenture Employee Data

Threat actors have claimed responsibility for a significant data breach involving Accenture, one of...

Diamorphine Rootkit Exploiting Linux Systems In The Wild

Threat actors exploit Linux systems because they are prevalent in organizations that host servers,...

Amtrak Data Breach: Hackers Accessed User’s Email Address

Amtrak notified its customers regarding a significant security breach involving its Amtrak Guest Rewards...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles