PT-2017-17267 · Cisco+1 · Cisco Elastic Services Controller+1

Published: 2017-07-06 · Updated: 2019-10-09 · CVE-2017-6713

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Cisco Elastic Services Controller versions prior to 2.3.1.434 and 2.3.2

Description: A vulnerability in the Play Framework of Cisco Elastic Services Controller could allow an unauthenticated, remote attacker to gain full access to the affected system. This is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI.

Recommendations: For versions prior to 2.3.1.434, update to release 2.3.1.434 or later. For versions prior to 2.3.2, update to release 2.3.2 or later.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2017-6713

Affected Products

Cisco Elastic Services Controller
Play Framework