Cisco Release Security Updates for Elastic Services Controller (May 07, 2019)

Description

The Cisco Corporation has recently released security updates to address vulnerabilities in Cisco Elastic Services Controller. It is recommended that you take the necessary precautions by ensuring your product is always updated.

Advisory ID:  cisco-sa-20190507-esc-authbypass

First Published: 2019 May 7

Version 1.0: Final

Summary: The update has been developed by the Cisco to resolve the vulnerability in the REST API of the Cisco Elastic Controller. This could allow an authenticated, remote attacker to bypass authentication on the REST API.

Affected products: This vulnerability affects Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when the REST API is enabled. The REST API is not enabled by default.

Fixed Releases: This vulnerability is fixed in Cisco Services Controller Release 4.5

Users are advised to apply the Patch specifically created to address this vulnerability for the release that they are running.

Cisco Elastic Services Controller Major Release

Software Releases with Available Patch

Prior to 4.1

Not vulnerable

4.1

4.1.0.100
4.1.0.111

4.2

4.2.0.74
4.2.0.86

4.3

4.3.0.121
4.3.0.128
4.3.0.134
4.3.0.135

4.4

4.4.0.80
4.4.0.82
4.4.0.86

4.5

Not vulnerable

For more information on the Cisco Security updates you can follow this url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

•        Cisco Release Security updates for Elastic Services Controller (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/05/07/Cisco-Releases-Security-Update-Elastic-Services-Controller