Cisco Elastic Services Controller Arbitrary Command Execution Vulnerability
The vulnerability occurs because a "tomcat" user on the system can run certain shell commands, allowing the user to overwrite any file on the filesystem and elevate privileges to root. An exploit could allow an authenticated, remote attacker to elevate privileges and run dangerous commands on the server.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
http://ift.tt/2tQUK9n
Security Impact Rating: High
CVE: CVE-2017-6712
from Cisco Security Advisory http://ift.tt/2tQUK9n