Cisco Elastic_services_controller
19 CVEs affecting Cisco Elastic_services_controller. Latest disclosed: 2021-01-20. Critical: 3, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-1867 | Critical | 10.0 | 2019-05-10 | A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST… |
CVE-2018-0121 | Critical | 9.8 | 2018-02-22 | A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticate… |
CVE-2017-6713 | Critical | 9.8 | 2017-07-06 | A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the aff… |
CVE-2017-6712 | High | 8.8 | 2017-07-06 | A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run da… |
CVE-2017-6689 | High | 8.8 | 2017-06-13 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the adm… |
CVE-2017-6688 | High | 8.8 | 2017-06-13 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka… |
CVE-2017-6684 | High | 8.8 | 2017-06-13 | A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, ak… |
CVE-2017-6683 | High | 8.8 | 2017-06-13 | A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands… |
CVE-2017-6682 | High | 8.8 | 2017-06-13 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tom… |
CVE-2017-6697 | Medium | 6.5 | 2017-06-13 | A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials… |
CVE-2017-6691 | Medium | 6.5 | 2017-06-13 | A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affe… |
CVE-2017-6786 | Medium | 6.3 | 2017-08-17 | A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including cred… |
CVE-2017-6776 | Medium | 6.1 | 2017-08-17 | A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripti… |
CVE-2017-6696 | Medium | 5.5 | 2017-06-13 | A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credenti… |
CVE-2017-6693 | Medium | 5.5 | 2017-06-13 | A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored i… |
CVE-2021-1312 | Medium | 5.3 | 2021-01-20 | A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial… |
CVE-2017-6777 | Medium | 4.9 | 2017-08-17 | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system in… |
CVE-2017-6772 | Medium | 4.3 | 2017-08-17 | A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. The vulnerability is du… |
CVE-2018-0106 | Low | 3.3 | 2018-01-18 | A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive informati… |