CVE-2011-0951

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/47093
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml	Vendor Advisory
http://securitytracker.com/id?1025271
http://www.vupen.com/english/advisories/2011/0821	Vendor Advisory
http://secunia.com/advisories/43924	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66471

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2:::::::*

Information

Published : 2011-04-04 05:27

Updated : 2017-08-16 18:33

NVD link : CVE-2011-0951

Mitre link : CVE-2011-0951

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

cisco

secure_access_control_system

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/47093", "name": "47093", "tags": [], "refsource": "BID"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml", "name": "20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://securitytracker.com/id?1025271", "name": "1025271", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2011/0821", "name": "ADV-2011-0821", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43924", "name": "43924", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471", "name": "cisco-acs-interface-security-bypass(66471)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0951", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-04T12:27Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}

5.0 /10