May 17, 2019
Cisco has released a security advisory, announcing the existence of a REST API authentication bypass vulnerability (CVE-2019-1867) in Cisco Elastic Services Controller (ESC). This vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow an unauthenticated, remote attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system.
May 2, 2019
Cisco has released a security advisory announcing a fix for a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker could exploit this vulnerability to log in to an affected device remotely or cause a denial of service.
April 29, 2019
Cisco has officially released a security advisory announcing a fix for a vulnerability (CVE-2019-1723) in the Cisco Common Service Platform Collector (CSPC).
This vulnerability exists because the affected software has a default account with a fixed password. An attacker could exploit this vulnerability to remotely access an affected device by using this account. This account does not have administrative privileges.