Skip to main content

Elastic Services Controller

19 CVEs product

Monthly

CVE-2021-1312 HIGH This Week

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Elastic Denial Of Service Elastic Services Controller
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2019-1867 CRITICAL Act Now

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cisco Elastic Services Controller
NVD
CVSS 3.0
10.0
EPSS
30.3%
CVE-2018-0121 CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco Elastic Services Controller Virtual Managed Services
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-0106 LOW Monitor

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Cisco Elastic Services Controller
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2017-6786 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.3
EPSS
0.1%
CVE-2017-6777 MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-6776 MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic Elastic Services Controller
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6772 MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2017-6713 CRITICAL Act Now

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Elastic Elastic Services Controller
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-6712 HIGH This Week

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6697 MEDIUM This Month

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6696 MEDIUM This Month

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6693 MEDIUM This Month

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Elastic Elastic Services Controller
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-6691 MEDIUM This Month

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-6689 HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-6688 HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6684 HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-6683 HIGH This Week

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
9.5%
CVE-2017-6682 HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection Elastic Elastic Services Controller
NVD
CVSS 3.0
8.8
EPSS
1.0%
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Elastic Denial Of Service +1
NVD
EPSS 30% CVSS 10.0
CRITICAL Act Now

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Elastic Cisco +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Cisco +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Cisco +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller could allow an authenticated, local, unprivileged attacker to access sensitive information, including credentials for system accounts, on an. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to acquire sensitive system information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Elastic +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A vulnerability in Cisco Elastic Services Controller (ESC) could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Elastic +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in certain commands of Cisco Elastic Services Controller could allow an authenticated, remote attacker to elevate privileges to root and run dangerous commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Elastic +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Elastic Information Disclosure +1
NVD
EPSS 9% CVSS 8.8
HIGH This Week

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Cisco Command Injection +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy