CVE-2019-1867 CRITICAL

CVE-2019-1867: Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

Vendor Cisco
Product Cisco Elastic Services Controller
Weakness CWE-287 · Improper authentication
Published May 10, 2019
Last update November 19, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

Key dates

02Disclosure timeline

May 10, 2019 CVE published
November 19, 2024 Record updated