cnvd - cnvd-2017-21603

CNVD-2017-21603

Vulnerability from cnvd - Published: 2017-08-18

Title

Cisco Elastic Services Controller未授权访问漏洞

Description

Cisco Elastic Services Controller（ESC）是美国思科（Cisco）公司的一个开源的模块化系统。 Cisco ESC 2.3.1.434之前的版本和2.3.2之前的版本中的Play Framework存在安全漏洞，该漏洞源于Cisco ESC UI使用了静态默认证书。远程攻击者可利用该漏洞访问ESC web UI中的所用实例。

Severity

高

Patch Name

Cisco Elastic Services Controller未授权访问漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2

Reference

http://www.securityfocus.com/bid/99437 http://securityaffairs.co/wordpress/60725/hacking/cisco-elastic-services-controller-flaws.html

Impacted products

Name
['Cisco Elastic Services Controllers <2.3.1.434', 'Cisco Elastic Services Controllers <2.3.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99437"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6713"
    }
  },
  "description": "Cisco Elastic Services Controller\uff08ESC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u6a21\u5757\u5316\u7cfb\u7edf\u3002\r\n\r\nCisco ESC 2.3.1.434\u4e4b\u524d\u7684\u7248\u672c\u548c2.3.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Play Framework\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCisco ESC UI\u4f7f\u7528\u4e86\u9759\u6001\u9ed8\u8ba4\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95eeESC web UI\u4e2d\u7684\u6240\u7528\u5b9e\u4f8b\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-21603",
  "openTime": "2017-08-18",
  "patchDescription": "Cisco Elastic Services Controller\uff08ESC\uff09\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5f00\u6e90\u7684\u6a21\u5757\u5316\u7cfb\u7edf\u3002\r\n\r\nCisco ESC 2.3.1.434\u4e4b\u524d\u7684\u7248\u672c\u548c2.3.2\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684Play Framework\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eCisco ESC UI\u4f7f\u7528\u4e86\u9759\u6001\u9ed8\u8ba4\u8bc1\u4e66\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95eeESC web UI\u4e2d\u7684\u6240\u7528\u5b9e\u4f8b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Elastic Services Controller\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Elastic Services Controllers \u003c2.3.1.434",
      "Cisco Elastic Services Controllers \u003c2.3.2"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/99437\r\nhttp://securityaffairs.co/wordpress/60725/hacking/cisco-elastic-services-controller-flaws.html",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-07",
  "title": "Cisco Elastic Services Controller\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}

CVE-2017-6713 (GCVE-0-2017-6713)

Vulnerability from cvelistv5 – Published: 2017-07-06 00:00 – Updated: 2024-08-05 15:41

Summary

A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.

Severity ?

No CVSS data available.

CWE

CWE-264

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/99437	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Elastic Services Controller	Affected: Cisco Elastic Services Controller

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:16.902Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99437",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Elastic Services Controller",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Elastic Services Controller"
            }
          ]
        }
      ],
      "datePublic": "2017-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-264",
              "description": "CWE-264",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "99437",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Elastic Services Controller",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Elastic Services Controller"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99437",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99437"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6713",
    "datePublished": "2017-07-06T00:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:41:16.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-21603

CVE-2017-6713 (GCVE-0-2017-6713)

Tags

Sightings

Nomenclature