"Critical flaw allows attackers to take over Cisco Elastic Services Controllers"

Cisco had a critical flaw which allowed attackers to take over Cisco Elastic Services Controllers (ESC). ESC is a popular enterprise software for managing virtualized resources. The vulnerability is due to improper validation of API requests. An attacker who found the flaw could exploit this vulnerability by sending a crafted request to the REST API. A successful exploit could allow the attacker to execute arbitrary actions through the REST API with administrative privileges on an affected system. The flaw has since been patched on the critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller.

HELPNETSECURITY reports: "Critical flaw allows attackers to take over Cisco Elastic Services Controllers"