Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability

Published: 2019-05-09


东森 (China Region) Official Website


1. Background


On May 7, Cisco published an advisory fixing an authentication bypass vulnerability (CVE-2019-1867) in Elastic Services Controller (ESC). The vulnerability could allow an unauthenticated remote attacker to bypass authentication in the REST API.


2. Scope of Impact


CVE ID: CVE-2019-1867
Vulnerability severity: Critical
Scope of impact: Elastic Services Controller 4.1, 4.2, 4.3, 4.4
CVSS score: 10.0


3. Vulnerability Details


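The vulnerability is caused by improper validation of REST API requests. An attacker could exploit it by sending a malicious request to the REST API. Successful exploitation could allow the attacker to perform arbitrary operations through the REST API and obtain administrative privileges.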


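Because ESC does not enable the REST API by default, administrators can check whether the REST API is currently enabled by running the command sudo netstat -tlnup | grep -E '8443|8080'. The following example shows the output when the REST API service is enabled on port 8443: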

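An exact-port version of the listener check described above, combined with the affected release trains listed in section 2. This is an added example, not code from Cisco's advisory or from this page; the function names, the dotted version-string format and the sample listener text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Cisco's code. Sample data below is constructed.

# Print each REST API port (8443 or 8080) that has a TCP LISTEN socket in
# `netstat -tlnup`-style text on stdin; exit status 0 only if one was found.
esc_rest_ports() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")   # column 4 is the local address
            port = part[n]             # text after the last colon (IPv4 or IPv6)
            if ((port == "8443" || port == "8080") && !seen[port]++) {
                print port; found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Return 0 if the version string is in a listed release train (4.1 to 4.4).
# The dotted format of the argument is an assumption; patched builds inside
# these trains must still be checked against the vendor advisory.
esc_version_affected() {
    case "$1" in
        4.[1-4]|4.[1-4].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine both checks: version as $1, listener text on stdin.
esc_exposure() {
    ports=$(esc_rest_ports | tr '\n' ' ')
    ports=${ports% }
    if [ -z "$ports" ]; then
        echo "rest-api-not-listening"
    elif esc_version_affected "$1"; then
        echo "affected-train-listening ports=$ports"
    else
        echo "listening-version-not-listed ports=$ports"
    fi
}

# Constructed sample: 18080 and PID 8443 would match a plain substring grep.
SAMPLE_LISTENERS='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN 1021/sshd
tcp6       0      0 :::8443         :::*            LISTEN 2187/java
tcp        0      0 127.0.0.1:18080 0.0.0.0:*       LISTEN 8443/agent
udp        0      0 0.0.0.0:68      0.0.0.0:*              711/dhclient'

printf '%s\n' "$SAMPLE_LISTENERS" | esc_exposure "4.4.0"
```

On a live host, pipe the real listener listing into the function instead of the sample, for instance sudo netstat -tlnup | esc_exposure followed by the installed version.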

4. Remediation Recommendations


This vulnerability is fixed in Cisco Elastic Services Controller version 4.5. The other versions for which patches are available are listed in the table below:


5. Reference Links


https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass