Auth bypass in Cisco Elastic Services Controller
CVE-2019-1867
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attack…
Vulnerability class: Broken Authentication
EPSS: 0.303 (98.0th percentile)
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Cisco Elastic Services Controller (versions unspecified)
- Cisco Elastic_services_controller
Weakness classification (CWE)
References
- psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2019-1867?
  - CVE-2019-1867 is a critical-severity vulnerability in Cisco Elastic Services Controller, classified under Improper Authentication. CVSS score: 10.0/10. Published 2019-05-10.
- How severe is CVE-2019-1867?
  - Critical severity. CVSS v3 base score is 10.0 out of 10.