Critical vulnerability found on Cisco Elastic Services Controller

A vulnerability ranked "critical" was found in the REST API of Cisco Elastic Services Controller (ESC), the networking giant revealed today.

The issue could allow an unauthenticated, remote attacker to bypass authentication on the REST API, potentially enabling an attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.

According to Cisco, the vulnerability is due to "improper validation of API requests". An attacker could exploit this vulnerability by sending a crafted request to the REST API.

It affects Cisco Elastic Services Controller running software release 4.1, 4.2, 4.3, or 4.4 when the REST API is enabled. The 4.5 release is not vulnerable.

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," Cisco said in its advisory.

Cisco has issued software updates that address the problem, but no workarounds are available.

Cisco ESC is a Virtual Network Functions Manager (VNFM), which performs life-cycle management of virtual network functions.

Built as an open and modular system, it provides a single point of control to manage all aspects of the VNF life-cycle for generic VNFs in a dynamic environment.

Users can control the full life-cycle of all of their virtualised resources, whether using Cisco or third-party VNFs, allowing customers to choose industry solutions.

IDG News Service
