Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by submitting an empty password value to an affected portal when prompted to enter an administrative password for the portal. A successful exploit could allow the attacker to bypass authentication and gain administrator privileges for the web-based service portal of the affected software. This vulnerability affects Cisco Elastic Services Controller Software Release 3.0.0. Cisco Bug IDs: CSCvg29809.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Cisco Elastic Services Controller Software 安全漏洞
Vulnerability Description
Cisco Elastic Services Controller Software(ESC)是美国思科(Cisco)公司的一套开源的用于管理虚拟资源的模块化系统。 Cisco Elastic ESC 3.0.0版本中基于Web的业务门户的身份验证功能存在身份验证绕过漏洞,该漏洞源于不正确的安全限制。远程攻击者可通过向受影响的门户提交空密码利用该漏洞绕过身份验证,并获取基于Web服务门户的管理员权限。
CVSS Information
N/A
Vulnerability Type
N/A