CVE-2017-12354

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.5%

top 33.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control System

Timeline

PublishedNov 30

Latest updateMay 13

Description

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco_secure_access_control_systemCisco Secure Access Control System

▶NVDcisco/secure_access_control_system5.8\(0.32\)

🔴Vulnerability Details

GHSA

GHSA-w8vw-wf89-76qj: A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensiti↗2022-05-13

▶

CVEList

CVE-2017-12354: A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensiti↗2017-11-30

▶

📋Vendor Advisories

Cisco

Cisco Secure Access Control System Information Disclosure Vulnerability↗2017-11-29

▶