Critical vulnerability found on Cisco Elastic Services Controller Credit: CiscoSupplied Art

Critical vulnerability found on Cisco Elastic Services Controller

A vulnerability ranked "critical" was found in the REST API of Cisco Elastic Services Controller (ESC), the networking giant revealed today.

The issue could allow an unauthenticated, remote attacker to bypass authentication on the REST API, potentially enabling an attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

According to Cisco, the vulnerability is due to "improper validation of API requests". An attacker could exploit this vulnerability by sending a crafted request to the REST API.

It affects Cisco Elastic Services Controller running software release 4.1, 4.2, 4.3, or 4.4 when the REST API is enabled. The 4.5 release is not vulnerable.

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," Cisco said in its advisory.

Cisco has issued software updates that address the problem but no workarounds available.

Cisco ESC is a Virtual Network Functions Manager (VNFM), which performs life-cycle management of virtual network functions.

Built as an open and a modular system, it provides a single point of control to manage all aspects of VNF life-cycle for generic VNFs in a dynamic environment.

Users can control the full life-cycle of all of their virtualised resources, whether using Cisco or third-party VNFs, allowing customers to choose industry solutions.

Read more: VAR partners may not survive cloud boom: TBR


« Lenovo puts AMD Ryzen chips in ThinkPads, giving Intel's rival a boost


How ServiceNow plans on remedying employee workplace woes »
IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.

  • Mail


Do you think your smartphone is making you a workaholic?