Cisco issued a security advisory for a bypass a critical susceptibility in its REST API of Cisco Elastic Services Controller.
The company said that the fault, CVE-2019-1867, could permit an unverified, remote invader to avoid verification on the REST API. The issue is triggered by an inappropriate authentication of API requests that can be exploited with a fashioned request to the REST API leading to giving an invader the capacity to perform random actions with administrative privileges.
Cisco Elastic Services Controller running Software Release 4.1, 4.2, 4.3, or 4.4 when the REST API is allowed are all affected by this susceptibility. Cisco has released an update to take care of the issue, but also said there are no workarounds presently available.