As Cisco’s weekly security update list shows, there are some major vulnerabilities. Greatly affecting both the Elastic Services Controller and the Ultra Services Framework, the bugs require immediate attention.
Elastic Services Controller vulnerabilities
The Elastic Services Controller vulnerability can potentially help attackers to fully take over the affected system. The weak spot is caused by static, default credentials shared between different installations.
Getting ahold of the credentials would enable an attacker to remotely gain access and log into the controller’s UI. As Switchzilla mentions, cybercriminals “could generate an admin session token that allows access to all instances of the ESC web UI.”
The Elastic Services Controller also has bugs in some of its commands. The problem is a “tomcat” user has control over shell commands, allowing him “to overwrite any file on the filesystem and elevate privileges to root.”
The bug could as well enable the attacker to remotely execute “dangerous commands on the server”.
Ultra Services Framework vulnerabilities
One of the vulnerabilities has to do with the Ultra Automation Service (UAS). It potentially enables an attacker to take control over a targeted device.
The attacker could make use of an unreliable configuration of the Apache ZooKeeper to get to the “affected device through the orchestrator network.” As a result, the attacker would be able to access ZooKeeper data nodes as well as affect the high-availability feature of the system.
Caused by incorrect shell invocations, a bug has been detected in the Ultra Services Framework Staging Server. Exploitation of this vulnerability would enable an attacker to remotely “execute Linux shell commands” or perform arbitrary shell commands as a root user.
The AutoVNF tool has been also hit by vulnerability in the admin credentials. The software “logs its administrative credentials in clear text,” which is the cause of the bug. Exploitation of the flaw could enable an attacker to get ahold of the “credentials for Cisco ESC and Cisco OpenStack deployments in the affected system,” which would further allow the hacker to pull more attacks.
Another bug that makes AutoVNF vulnerable has been detected in its symbolic link. The flaw is the result of the “absence of validation checks for the input that is used to create symbolic links.”
If successfully exploited, this vulnerability could potentially enable an attacker to gain unauthorized access to sensitive data as well as perform malicious code.