Critical Vulnerability in Cisco Elastic Services Controller Let Hackers Take Full Control of the System Remotely

Cisco released a security update that fixes a critical vulnerability in the Cisco Elastic Services Controller REST API that lets attackers take full control of the system remotely.

Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to automate the deployment and monitoring of functions running on their virtual environments.

This critical vulnerability affects Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when the REST API is enabled. The REST API is disabled by default.

The vulnerability is due to improper validation of API requests.

A successful exploit of this vulnerability lets an attacker execute arbitrary actions through the REST API with administrative privileges on an affected system.

The table below lists the vulnerable releases of Cisco Elastic Services Controller. According to the Cisco report, this vulnerability is fixed in Cisco Elastic Services Controller Release 4.5.

| Cisco Elastic Services Controller Major Release | Software Releases with Available Patch |
|---|---|
| Prior to 4.1 | Not vulnerable |
| 4.1 | 4.1.0.100, 4.1.0.111 |
| 4.2 | 4.2.0.74, 4.2.0.86 |
| 4.3 | 4.3.0.121, 4.3.0.128, 4.3.0.134, 4.3.0.135 |
| 4.4 | 4.4.0.80, 4.4.0.82, 4.4.0.86 |
| 4.5 | Not vulnerable |

Check Whether the REST API Is Enabled

Administrators can check whether the REST API is enabled by running the following command on the ESC virtual machine:

sudo netstat -tlnup | grep -E '8443|8080'

The following example shows the output of the command for a machine that has the REST API service enabled on port 8443.

~/# sudo netstat -tlnup | grep -E '8443|8080'
.
.
.
tcp6  0  0 :::8443        :::*  LISTEN 2557/java 
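
As an added example (not from Cisco's advisory or the original article), the script below turns the check above into a stricter triage: it matches the listening port in the Local Address column instead of grepping the whole line, and combines that with the affected releases 4.1 to 4.4 stated above. The function names and sample netstat lines are constructed, the installed release is supplied by the operator, and the script does not detect whether a patch has already been applied.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2019-1867 on an ESC virtual machine.
# Function names and sample data are constructed for illustration.

# Print the REST API ports (8443/8080) that have a TCP listener, reading
# `netstat -tlnup` style output on stdin. Only the port at the end of the
# Local Address column is compared, so a PID of 8443 or a port such as
# 18080 does not produce a false hit the way a plain grep would.
rest_api_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
             n = split($4, a, ":"); port = a[n]
             if (port == "8443" || port == "8080") print port
         }' | sort -u
}

# Succeed when the release belongs to an affected major release (4.1 to 4.4).
esc_release_affected() {
    case "$1" in
        4.[1-4]|4.[1-4].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine both checks: $1 is the installed ESC release, netstat output on stdin.
triage() {
    ports=$(rest_api_ports | tr '\n' ' ')
    if ! esc_release_affected "$1"; then
        echo "not-affected"
    elif [ -n "$ports" ]; then
        echo "exposed: ${ports% }"
    else
        echo "affected-release rest-api-off"
    fi
}

# Constructed sample of netstat output (not captured from a real host).
SAMPLE='tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN 1021/sshd
tcp   0  0 127.0.0.1:18080 0.0.0.0:*  LISTEN 8443/python
tcp6  0  0 :::8443         :::*       LISTEN 2557/java'

printf '%s\n' "$SAMPLE" | triage 4.3.0.121
```

On an ESC virtual machine, the same function reads live data with `sudo netstat -tlnup | triage <installed release>`.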

This vulnerability was found during internal security testing. CVE-2019-1867 has been assigned to this vulnerability.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
