Details of VAR-201905-0251

ID

VAR-201905-0251

CVE

CVE-2019-1867

TITLE

Cisco Elastic Services Controller Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004455

DESCRIPTION

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. Cisco Elastic Services Controller is prone to an authentication-bypass vulnerability. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvn82921. The following products and versions are affected: Cisco ESC Release 4.1, Release 4.2, Release 4.3, Release 4.4

Trust: 2.07

sources: NVD: CVE-2019-1867 // JVNDB: JVNDB-2019-004455 // BID: 108184 // VULHUB: VHN-151039 // VULMON: CVE-2019-1867

AFFECTED PRODUCTS

vendor:	cisco	model:	elastic services controller	scope:	gte	version:	4.1	Trust: 1.0
vendor:	cisco	model:	elastic services controller	scope:	lt	version:	4.5	Trust: 1.0
vendor:	cisco	model:	elastic services controller	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	4.4	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	4.3	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.5	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.4.0.86	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.4.0.82	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.4.0.80	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.3.0.135	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.3.0.134	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.3.0.128	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.3.0.121	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.2.0.86	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.2.0.74	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.1.0.111	Trust: 0.3
vendor:	cisco	model:	elastic services controller	scope:	ne	version:	4.1.0.100	Trust: 0.3

sources: BID: 108184 // JVNDB: JVNDB-2019-004455 // NVD: CVE-2019-1867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1867
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1867
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-1867
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201905-191
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-151039
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1867
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1867
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-151039
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-1867
baseSeverity:	CRITICAL
baseScore:	10.0
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	6.0
version:	3.0
Trust: 2.8

sources: VULHUB: VHN-151039 // VULMON: CVE-2019-1867 // JVNDB: JVNDB-2019-004455 // CNNVD: CNNVD-201905-191 // NVD: CVE-2019-1867 // NVD: CVE-2019-1867

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-151039 // JVNDB: JVNDB-2019-004455 // NVD: CVE-2019-1867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-191

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201905-191

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004455

PATCH

title:	cisco-sa-20190507-esc-authbypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass	Trust: 0.8
title:	Cisco Elastic Services Controller Software Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92335	Trust: 0.6
title:	Cisco: Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190507-esc-authbypass	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-vulnerability-in-elastic-services-controller/	Trust: 0.1

sources: VULMON: CVE-2019-1867 // JVNDB: JVNDB-2019-004455 // CNNVD: CNNVD-201905-191

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1867	Trust: 2.9
db:	BID	id:	108184	Trust: 1.1
db:	JVNDB	id:	JVNDB-2019-004455	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-191	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.1603	Trust: 0.6
db:	VULHUB	id:	VHN-151039	Trust: 0.1
db:	VULMON	id:	CVE-2019-1867	Trust: 0.1

sources: VULHUB: VHN-151039 // VULMON: CVE-2019-1867 // BID: 108184 // JVNDB: JVNDB-2019-004455 // CNNVD: CNNVD-201905-191 // NVD: CVE-2019-1867

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190507-esc-authbypass	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1867	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1867	Trust: 0.8
url:	https://www.securityfocus.com/bid/108184	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/80454	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-flaw-in-cisco-elastic-services-controller-allows-full-system-takeover/144452/	Trust: 0.1

sources: VULHUB: VHN-151039 // VULMON: CVE-2019-1867 // BID: 108184 // JVNDB: JVNDB-2019-004455 // CNNVD: CNNVD-201905-191 // NVD: CVE-2019-1867

CREDITS

Cisco

Trust: 0.9

sources: BID: 108184 // CNNVD: CNNVD-201905-191

SOURCES

db:	VULHUB	id:	VHN-151039
db:	VULMON	id:	CVE-2019-1867
db:	BID	id:	108184
db:	JVNDB	id:	JVNDB-2019-004455
db:	CNNVD	id:	CNNVD-201905-191
db:	NVD	id:	CVE-2019-1867

LAST UPDATE DATE

2024-11-23T22:06:12.122000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-151039	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2019-1867	date:	2019-10-09T00:00:00
db:	BID	id:	108184	date:	2019-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-004455	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-191	date:	2019-12-30T00:00:00
db:	NVD	id:	CVE-2019-1867	date:	2024-11-21T04:37:34.337

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-151039	date:	2019-05-10T00:00:00
db:	VULMON	id:	CVE-2019-1867	date:	2019-05-10T00:00:00
db:	BID	id:	108184	date:	2019-05-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-004455	date:	2019-06-03T00:00:00
db:	CNNVD	id:	CNNVD-201905-191	date:	2019-05-07T00:00:00
db:	NVD	id:	CVE-2019-1867	date:	2019-05-10T12:29:00.387