Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2012-3063
HistoryJun 20, 2012 - 8:55 p.m.

CVE-2012-3063

2012-06-2020:55:02
CWE-362
cisco
web.nvd.nist.gov
36
cisco
ace
cve-2012-3063
vulnerability
access restrictions
management ip
multicontext mode

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON

Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.

Affected configurations

Nvd
Node
ciscoapplication_control_engine_softwareRangea4\(2.0\)
OR
ciscoapplication_control_engine_softwareMatcha1\(7\)
OR
ciscoapplication_control_engine_softwareMatcha1\(7a\)
OR
ciscoapplication_control_engine_softwareMatcha1\(7b\)
OR
ciscoapplication_control_engine_softwareMatcha1\(8\)
OR
ciscoapplication_control_engine_softwareMatcha1\(8a\)
OR
ciscoapplication_control_engine_softwareMatcha3\(1.0\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.1\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.2\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.3\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.4\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.5\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.6\)
OR
ciscoapplication_control_engine_softwareMatcha3\(2.7\)
OR
ciscoapplication_control_engine_softwareMatcha4\(1.0\)
OR
ciscoapplication_control_engine_softwareMatcha4\(1.1\)
OR
ciscoapplication_control_engine_softwareMatcha4\(2.1\)
OR
ciscoapplication_control_engine_softwareMatcha4\(2.2\)
OR
ciscoapplication_control_engine_softwareMatcha5\(1.0\)
VendorProductVersionCPE
ciscoapplication_control_engine_software*cpe:2.3:a:cisco:application_control_engine_software:*:*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea1(7)cpe:2.3:a:cisco:application_control_engine_software:a1\(7\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea1(7a)cpe:2.3:a:cisco:application_control_engine_software:a1\(7a\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea1(7b)cpe:2.3:a:cisco:application_control_engine_software:a1\(7b\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea1(8)cpe:2.3:a:cisco:application_control_engine_software:a1\(8\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea1(8a)cpe:2.3:a:cisco:application_control_engine_software:a1\(8a\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea3(1.0)cpe:2.3:a:cisco:application_control_engine_software:a3\(1.0\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea3(2.1)cpe:2.3:a:cisco:application_control_engine_software:a3\(2.1\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea3(2.2)cpe:2.3:a:cisco:application_control_engine_software:a3\(2.2\):*:*:*:*:*:*:*
ciscoapplication_control_engine_softwarea3(2.3)cpe:2.3:a:cisco:application_control_engine_software:a3\(2.3\):*:*:*:*:*:*:*
Rows per page:
1-10 of 191

Related

prion 2
cvelist 2
nvd 2
nessus 2
cisco 2
securityvulns 2
cve 1
prion
prion
Design/Logic Flaw
2012-06-20 20:55:00
Code injection
2012-06-20 20:55:00
cvelist
cvelist
CVE-2012-3063
2012-06-20 20:00:00
CVE-2012-3058
2012-06-20 20:00:00
nvd
nvd
CVE-2012-3063
2012-06-20 20:55:02
CVE-2012-3058
2012-06-20 20:55:02
nessus
nessus
Cisco Application Control Engine Login Administrator IP Address Overlap (cisco-sa-20120620-ace)
2013-09-16 00:00:00
Cisco ASA 5500 Series DoS (cisco-sa-20120620-asaipv6)
2012-06-26 00:00:00
cisco
cisco
Cisco Application Control Engine Administrator IP Address Overlap Vulnerability
2012-06-20 16:00:00
Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability
2012-06-20 16:00:00
securityvulns
securityvulns
Cisco Application Control Engine privilege escalation
2012-06-25 00:00:00
Cisco ASA DoS
2012-06-25 00:00:00
cve
cve
CVE-2012-3058
2012-06-20 20:55:02

CVSS2

7.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON
Related for CVE-2012-3063
prion2cvelist2nvd2nessus2cisco2securityvulns2cve1