CVE-2015-0673
published 2015-03-26CVE-2015-0673: Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2)…
PriorityP423medium4CVSS 2.0
AVNACLAuSCPINAN
EPSS
1.34%
67.7th percentile
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | mobility_services_engine | — | — |
CVSS provenance
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_cisco4.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xmp2-8crv-9642: Cisco Mobility Services Engine (MSE) 8
ghsa_unreviewed·2022-05-17
CVE-2015-0673 [MEDIUM] CWE-200 GHSA-xmp2-8crv-9642: Cisco Mobility Services Engine (MSE) 8
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
Cisco
Cisco Mobility Service Engine Password Information Disclosure Vulnerability
vendor_cisco·2015-03-24·CVSS 4.0
CVE-2015-0673 [MEDIUM] CWE-200 Cisco Mobility Service Engine Password Information Disclosure Vulnerability
Cisco Mobility Service Engine Password Information Disclosure Vulnerability
A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to insufficient security restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to retrieve the password of other legitimate users of the affected device via log files or through the GUI. A successful exploit could be leveraged to conduct further attacks.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must authenticate to the affected device. This access requirement decreases the likelihood of a successful exploit.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-03-26
Published