Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cisco:elastic_services_controller:4.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2021-1312 |
A vulnerability in the system resource management of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) to the health monitor API on an affected device. The vulnerability is due to inadequate provisioning of kernel parameters for the maximum number of TCP connections and SYN backlog. An attacker could exploit this vulnerability by sending a flood of crafted TCP packets to an affected device. A successful exploit could allow the attacker to block TCP listening ports that are used by the health monitor API. This vulnerability only affects customers who use the health monitor API. Published: January 20, 2021; 3:15:17 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-1867 |
A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. Published: May 10, 2019; 8:29:00 AM -0400 |
V4.0:(not available) V3.0: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2018-0106 |
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an unauthenticated, local attacker to access sensitive information on a targeted system. The vulnerability is due to insufficient security restrictions. An attacker could exploit this vulnerability by accessing unauthorized information within the ConfD directory and file structure. Successful exploitation could allow the attacker to view sensitive information. Cisco Bug IDs: CSCvg00221. Published: January 18, 2018; 1:29:01 AM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0: 2.1 LOW |