CVE-2011-3293

Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/49101
http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt
http://www.securityfocus.com/bid/53436
http://secunia.com/advisories/49101
http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt
http://www.securityfocus.com/bid/53436

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*

History

21 Nov 2024, 01:30

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/49101 -~~	() http://secunia.com/advisories/49101 -
References	~~() http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt -~~	() http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt -
References	~~() http://www.securityfocus.com/bid/53436 -~~	() http://www.securityfocus.com/bid/53436 -

Information

Published : 2012-05-02 10:09

Updated : 2024-11-21 01:30

NVD link : CVE-2011-3293

Mitre link : CVE-2011-3293

CVE.ORG link : CVE-2011-3293

JSON object : View

Products Affected

cisco

secure_access_control_server

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2011-3293", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-05-02T10:09:21.380", "references": [{"url": "http://secunia.com/advisories/49101", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt", "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/53436", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/49101", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/53436", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos secuestrar la autentificaci\u00f3n de los administradores en solicitudes que insertan secuencias de comandos en sitios cruzados (XSS), tambi\u00e9n conocido como Bug ID CSCtr78143."}], "lastModified": "2024-11-21T01:30:12.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19DD8E24-802E-4D20-A054-7B76FB7A83B8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}