VYPR

Elastic Services Controller

by Cisco Systems, Inc.

CVEs (20)

  • CVE-2018-0130CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to gain administrative access to an affected system. The vulnerability is due to the presence of static…

  • CVE-2018-0121CriFeb 22, 2018
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected…

  • CVE-2017-6713CriJul 6, 2017
    risk 0.64cvss 9.8epss 0.03

    A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between…

  • CVE-2017-6683HigJun 13, 2017
    risk 0.58cvss 8.8epss 0.06

    A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution…

  • CVE-2017-6712HigJul 6, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run certain shell…

  • CVE-2017-6689HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected…

  • CVE-2017-6688HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6684HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.

  • CVE-2017-6682HigJun 13, 2017
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6697MedJun 13, 2017
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76).

  • CVE-2017-6691MedJun 13, 2017
    risk 0.42cvss 6.5epss 0.01

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).

  • CVE-2017-6786MedAug 17, 2017
    risk 0.41cvss 6.3epss 0.00

    A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an affected system. The vulnerability is due to improper protection of sensitive log…

  • CVE-2017-6776MedAug 17, 2017
    risk 0.40cvss 6.1epss 0.01

    A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of…

  • CVE-2017-6696MedJun 13, 2017
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2).

  • CVE-2017-6693MedJun 13, 2017
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected…

  • CVE-2017-6777MedAug 17, 2017
    risk 0.32cvss 4.9epss 0.01

    A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. The vulnerability is due to insufficient protection of sensitive files on the system. An attacker could…

  • CVE-2017-6772MedAug 17, 2017
    risk 0.28cvss 4.3epss 0.01

    A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by authenticating to the…

  • CVE-2018-0106LowJan 18, 2018
    risk 0.21cvss 3.3epss 0.00

    A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this…

  • CVE-2019-1867May 10, 2019
    risk 0.01cvss epss 0.30

    A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by…

  • CVE-2021-1312Jan 20, 2021
    risk 0.00cvss epss 0.03

    A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of…