CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
55.5%
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | application_control_engine_software | * | cpe:2.3:a:cisco:application_control_engine_software:*:*:*:*:*:*:*:* |
cisco | application_control_engine_software | a1(7) | cpe:2.3:a:cisco:application_control_engine_software:a1\(7\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a1(7a) | cpe:2.3:a:cisco:application_control_engine_software:a1\(7a\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a1(7b) | cpe:2.3:a:cisco:application_control_engine_software:a1\(7b\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a1(8) | cpe:2.3:a:cisco:application_control_engine_software:a1\(8\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a1(8a) | cpe:2.3:a:cisco:application_control_engine_software:a1\(8a\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a3(1.0) | cpe:2.3:a:cisco:application_control_engine_software:a3\(1.0\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a3(2.1) | cpe:2.3:a:cisco:application_control_engine_software:a3\(2.1\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a3(2.2) | cpe:2.3:a:cisco:application_control_engine_software:a3\(2.2\):*:*:*:*:*:*:* |
cisco | application_control_engine_software | a3(2.3) | cpe:2.3:a:cisco:application_control_engine_software:a3\(2.3\):*:*:*:*:*:*:* |