Cisco CISCO-SA-20131115-CVE-2013-3407
Nov 15, 2013 - 5:52 p.m.

Cisco Server Provisioner Web Interface Information Disclosure Vulnerability

2013-11-15 17:52:25
tools.cisco.com

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.002
Percentile: 57.3%

A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication.

The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit this vulnerability by directly browsing to the vulnerable pages.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside, which may decrease the likelihood of a successful exploit.

Affected configurations

Vulners node: cisco server_provisioner (match: any) OR cisco server_provisioner (match: any)

Vendor: cisco
Product: server_provisioner
Version: any
CPE: cpe:2.3:a:cisco:server_provisioner:any:*:*:*:*:*:*:*
