Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cisco elastic services controller vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2019-1867
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote malicious user to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability...
Cisco Elastic Services Controller
9.8
CVSSv3
CVE-2018-0121
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote malicious user to bypass authentication and execute arbitrary actions with administrator privileges on an affec...
Cisco Elastic Services Controller 3.0.0
Cisco Virtual Managed Services 3.0
1 Article
9.8
CVSSv3
CVE-2018-0130
A vulnerability in the use of JSON web tokens by the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote malicious user to gain administrative access to an affected system. The vulnerability is due to the presence of stati...
Cisco Virtual Managed Services 3.0
9.8
CVSSv3
CVE-2017-6713
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote malicious user to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between ...
Cisco Elastic Services Controller 2.0
Cisco Elastic Services Controller 1.1.0
Cisco Elastic Services Controller 2.2.0
Cisco Elastic Services Controller 1.0.0
Cisco Elastic Services Controller 2.3.0
Cisco Elastic Services Controller 2.1.0
9.8
CVSSv3
CVE-2017-6709
A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote malicious user to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerabili...
Cisco Ultra Services Framework
8.8
CVSSv3
CVE-2017-6712
A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote malicious user to elevate privileges to root and run dangerous commands on the server. The vulnerability occurs because a "tomcat" user on the system can run ce...
Cisco Elastic Services Controller 2.3.0
Cisco Elastic Services Controller 2.0
Cisco Elastic Services Controller 1.0.0
Cisco Elastic Services Controller 2.1.0
Cisco Elastic Services Controller 1.1.0
Cisco Elastic Services Controller 2.2.0
8.8
CVSSv3
CVE-2017-6682
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.2(9.76).
Cisco Elastic Services Controller 2.2\\(9.76\\)
8.8
CVSSv3
CVE-2017-6683
A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vul...
Cisco Elastic Services Controller 2.2\\(9.76\\)
8.8
CVSSv3
CVE-2017-6684
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Releases: 21.0.0.
Cisco Elastic Services Controller 21.0.0
8.8
CVSSv3
CVE-2017-6688
A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote malicious user to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).
Cisco Elastic Services Controller 2.2\\(9.76\\)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »