CVE-2017-6683

HIGH

Cisco Elastic Services Controller 2.2(9.76) - Authenticated Remote Code Execution via esc_listener.py

Title source: llm
STIX 2.1

Description

A vulnerability in the esc_listener.py script of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to execute arbitrary commands as the tomcat user on an affected system, aka an Authentication Request Processing Arbitrary Command Execution Vulnerability. More Information: CSCvc76642. Known Affected Releases: 2.2(9.76).

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/98982

Scores

CVSS v3 8.8
EPSS 0.0586
EPSS Percentile 92.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (2)
cisco/elastic_services_controller 2.2\(9.76\)
n/a/Cisco Elastic Services Controller Cisco Elastic Services Controller
Published Jun 13, 2017
Tracked Since Feb 18, 2026