CVE-2012-3063: Race Condition in Cisco Application Control Engine Software

CWE-362: Race Condition | 4 documents | 4 sources
Severity
7.1 HIGH (NVD)
CNA: 7.8
EPSS
0.1%
top 67.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 20
Latest update: May 17

Description

Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA
GHSA-7gv3-h552-264c: Cisco Application Control Engine (ACE) before A4(2 | 2022-05-17
CVEList
CVE-2012-3063: Cisco Application Control Engine (ACE) before A4(2 | 2012-06-20

📋 Vendor Advisories (1)

Cisco
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability | 2012-06-20