Cisco has recently released security updates to address vulnerabilities in Cisco Elastic Services Controller. It is recommended that you take the necessary precautions by ensuring your product is always kept up to date.
Advisory ID: cisco-sa-20190507-esc-authbypass
First Published: 2019 May 7
Version 1.0: Final
Summary: Cisco has developed the update to resolve a vulnerability in the REST API of the Cisco Elastic Services Controller. The vulnerability could allow an authenticated, remote attacker to bypass authentication on the REST API.
Affected products: This vulnerability affects Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when the REST API is enabled. The REST API is not enabled by default.
Fixed Releases: This vulnerability is fixed in Cisco Elastic Services Controller Release 4.5.
Users are advised to apply the patch specifically created to address this vulnerability for the release that they are running.
| Cisco Elastic Services Controller Major Release | Software Releases with Available Patch |
| --- | --- |
| Prior to 4.1 | Not vulnerable |
| 4.1 | 4.1.0.100 |
| 4.2 | 4.2.0.74 |
| 4.3 | 4.3.0.121 |
| 4.4 | 4.4.0.80 |
| 4.5 | Not vulnerable |
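The following is an added example, not part of the original advisory or Cisco's tooling: it triages an inventory of controllers against the patch table above, taking into account that only installations with the REST API enabled are affected. It assumes version strings use the dotted form shown in the table, that any build in a release train at or above the listed patch build contains the fix, and that releases after 4.5 are fixed; the hostnames and inventory rows are constructed.

```python
# Added example: triage ESC versions against the advisory's patch table.
# Minimum patched build per release train, copied from the table above.
PATCHED_BUILD = {
    (4, 1): (4, 1, 0, 100),
    (4, 2): (4, 2, 0, 74),
    (4, 3): (4, 3, 0, 121),
    (4, 4): (4, 4, 0, 80),
}


def parse_version(text):
    """Turn '4.3.0.121' into (4, 3, 0, 121); short forms are zero-padded."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ESC version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def triage(version, rest_api_enabled):
    """Classify one controller as not_vulnerable, patched, unexposed or vulnerable."""
    v = parse_version(version)
    fixed = PATCHED_BUILD.get(v[:2])
    if fixed is None:
        # Prior to 4.1 and 4.5 are listed as not vulnerable; treating
        # releases after 4.5 the same way is an assumption.
        return "not_vulnerable"
    if v >= fixed:  # assumption: later builds in a train keep the fix
        return "patched"
    # Affected build: the flaw is reachable only when the REST API is enabled.
    return "vulnerable" if rest_api_enabled else "unexposed"


def triage_inventory(rows):
    """rows: iterable of (hostname, version, rest_api_enabled)."""
    return {host: triage(ver, rest) for host, ver, rest in rows}


# Constructed inventory for illustration; hostnames are hypothetical.
SAMPLE = [
    ("esc-lab-01", "4.0.0.12", True),
    ("esc-prod-01", "4.3.0.98", True),
    ("esc-prod-02", "4.3.0.121", True),
    ("esc-dr-01", "4.4.0.59", False),
    ("esc-new-01", "4.5.0.3", True),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

Controllers reported as "unexposed" run an affected build with the REST API disabled; they still need the patch before the API is ever turned on.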
For more information on the Cisco Security updates you can follow this url:
The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.
Reference
Cisco Release Security updates for Elastic Services Controller (US-Cert)