漏洞标题
N/A
漏洞描述信息
Cisco Elastic Services Controller软件基于Web的的服务门户验证功能的一个漏洞可能导致未验证的远程攻击者绕过验证并在受影响的系统上进行具有管理员权限的任意操作。该漏洞是由于受影响软件的基于Web的服务门户施加的不当安全限制导致的。攻击者可以通过在提示为门户输入管理员密码时向受影响的门户提交空密码值来利用此漏洞。一个成功的漏洞利用将使攻击者绕过验证,并获得受影响软件基于Web的服务门户的管理员权限。该漏洞影响Cisco Elastic Services Controller软件版本3.0.0。Cisco bug ID: CSCvg29809。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809.
CVSS信息
N/A
漏洞类别
认证机制不恰当
漏洞标题
Cisco Elastic Services Controller Software 安全漏洞
漏洞描述信息
Cisco Elastic Services Controller Software(ESC)是美国思科(Cisco)公司的一套开源的用于管理虚拟资源的模块化系统。 Cisco Elastic ESC 3.0.0版本中基于Web的业务门户的身份验证功能存在身份验证绕过漏洞,该漏洞源于不正确的安全限制。远程攻击者可通过向受影响的门户提交空密码利用该漏洞绕过身份验证,并获取基于Web服务门户的管理员权限。
CVSS信息
N/A
漏洞类别
授权问题