Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the Play Framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to gain full access to the affected system. The vulnerability is due to static, default credentials for the Cisco ESC UI that are shared between installations. An attacker who can extract the static credentials from an existing installation of Cisco ESC could generate an admin session token that allows access to all instances of the ESC web UI. This vulnerability affects Cisco Elastic Services Controller prior to releases 2.3.1.434 and 2.3.2. Cisco Bug IDs: CSCvc76627.
CVSS Information
N/A
Vulnerability Type
权限、特权和访问控制
Vulnerability Title
Cisco Elastic Services Controller 安全漏洞
Vulnerability Description
Cisco Elastic Services Controller(ESC)是美国思科(Cisco)公司的一个开源的模块化系统。 Cisco ESC 2.3.1.434之前的版本和2.3.2之前的版本中的Play Framework存在安全漏洞,该漏洞源于Cisco ESC UI使用了静态默认证书。远程攻击者可利用该漏洞访问ESC web UI中的所用实例。
CVSS Information
N/A
Vulnerability Type
N/A