CVE-2011-0951

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/43924	Vendor Advisory
http://securitytracker.com/id?1025271
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml	Vendor Advisory
http://www.securityfocus.com/bid/47093
http://www.vupen.com/english/advisories/2011/0821	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66471

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_access_control_system:5.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:::::::*

History

No history.

Information

Published : 2011-04-04 12:27

Updated : 2024-02-28 11:41

NVD link : CVE-2011-0951

Mitre link : CVE-2011-0951

CVE.ORG link : CVE-2011-0951

JSON object : View

Products Affected

cisco

secure_access_control_system

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2011-0951", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-04-04T12:27:36.843", "references": [{"url": "http://secunia.com/advisories/43924", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://securitytracker.com/id?1025271", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/47093", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0821", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440."}, {"lang": "es", "value": "La interfaz de gesti\u00f3n basada en web en Cisco Secure Access Control System ( ACS ) v5.1 y v5.2 antes de v5.1.0.44.6 5.2.0.26.3, permite a atacantes remotos cambiar las contrase\u00f1as de usuario de forma arbitraria a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como CSCtl77440 ID de error."}], "lastModified": "2017-08-17T01:33:45.400", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2CF8363-45D0-43C8-B7B9-3F6BC2234A30"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07DE9E4E-2F14-4A31-AFC3-154B1844AE03"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "401107FC-A04B-4375-8C3C-33E7180EDA16"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE77C1EB-585A-453E-80C4-D5CE79A99B50"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6BC5C61-A23C-4536-B659-75520AC5129C"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F31E15C-954C-47BF-A461-D4051ADAF1FF"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE8F7733-1E65-4D6C-91D0-6E0D56F1BD28"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04BBADC0-EAAB-49D8-94B3-4DA6F308BD77"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD85C33-787C-4495-A37F-842098361872"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09622F03-6BEB-483F-9A67-1E6F78536C61"}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1922B2DD-14C3-458E-9F41-46262B98EC60"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}