Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

Published: 2019-05-09




1. Background


On May 7, Cisco published an advisory fixing an authentication bypass vulnerability (CVE-2019-1867) in Elastic Services Controller (ESC). The vulnerability could allow an unauthenticated remote attacker to bypass authentication in the REST API.


2. Affected Scope


CVE ID: CVE-2019-1867
Severity: Critical
Affected versions: Elastic Services Controller 4.1, 4.2, 4.3, 4.4
CVSS score: 10.0


3. Vulnerability Details


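The vulnerability is caused by improper validation of REST API requests. An attacker could exploit it by sending a malicious request to the REST API. Successful exploitation could allow the attacker to perform arbitrary operations through the REST API and obtain administrative privileges.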


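Because the REST API is not enabled by default on ESC, administrators can check whether it is currently enabled by running the command sudo netstat -tlnup | grep -E '8443|8080'. The following example shows the output when the REST API service is enabled on port 8443: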


4. Remediation


This vulnerability is fixed in Cisco Elastic Services Controller version 4.5. Other versions for which patches are available are listed in the table below:


5. References


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass