- Detalji os-a: WN7
- Važnost: URG
- Operativni sustavi: L
- Kategorije: CIS
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco Elastic Services Controller Unauthorized Access Vulnerability
Advisory ID: cisco-sa-20170705-esc2
Revision: 1.0
For Public Release: 2017 July 5 16:00 GMT
Last Updated: 2017 July 5 16:00 GMT
CVE ID(s): CVE-2017-6713
CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+———————————————————————
Summary
=======
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system.
The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2 [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2”]
—–BEGIN PGP SIGNATURE—–
iQKBBAEBAgBrBQJZXQ8JZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHk00w/8CeCeVzuG2xmoritf
m4eTXY4WRspXCQA/Fj4+gpuRFmA8VxhfLdJ1fL4uQFlVi49BCLyL6nnxvobxbEa4
zL+l4BBjuSWR+PXXxXgLgho0XI+kwffQPCERtbB8S42mlTeC4znt7lCJ5lBSRZX6
qRO8L7+9K/hO+/NCxhMJxPrzKDPnQQnL85qTD+FNqINNxklvXHG4DAaVTA7r53qc
YVCuCKEM4LZk2m53xM1x+o4N36L/U43Oubg+NNy2nWWkBL1zKulXCAfsQEX5dN0L
pnq0Di2CiqWLedzqpL2/d/w8zzOBb/IvJm5uHVbQeWxZMneqOua9GLx6w0DFeTcc
uce8aHvQ8zWODBAojyP8Penkb8R4dUWvf6A/ttgCSPykNLH1DfB0zDHTKBiIT2B4
qYcK31sgmC2hz03JxXcLlB7VWtIXlY7RVNAV1P5Iz+rXqsuBId1167a9jFpEoIhZ
TN44KpZZi4HlznuIfWKVsqt8W9AQhEc8R9o/X/ltdfx8hKjA59ag0OF7GSPDTbjz
67MakNadwrKx5g2+KzQtlNoph8dRH1FeithfgfOYrWF17aYolfpEDmcKveMCVQxS
mbfTBxyhlv4fQ+3JDML4FjfQDn89puQr/E010OdEMxgpKJ04+rtWxXGxxpo87e3P
CKbkpO0kUjzKowYJGZNNLbC5LyI=
=11TG
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com
| Autor | Vlatka Misic |
| Cert id | NCERT-REF-2017-07-0031-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
