CVE-2011-0951

CWE-255 CWE-287 — Improper Authentication4 documents4 sources

Severity

5.0MEDIUM

EPSS

68.0%

top 1.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control System

Timeline

PublishedApr 4

Latest updateMay 17

Description

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/secure_access_control_system11 versions+10

🔴Vulnerability Details

GHSA

GHSA-4wp6-r9gv-37c2: The web-based management interface in Cisco Secure Access Control System (ACS) 5↗2022-05-17

▶

CVEList

CVE-2011-0951: The web-based management interface in Cisco Secure Access Control System (ACS) 5↗2011-04-01

▶

📋Vendor Advisories

Cisco

Cisco Secure Access Control System Password Modification Vulnerability↗2011-03-30

▶