Lucene search
CiscoCVE-2013-3380HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-3380
2022-10-0316:14:44
CWE-200
cisco
web.nvd.nist.gov
20
information security
cisco
cve-2013-3380
access control server
acs
bug id cscue79279
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.001
Percentile
40.3%
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Affected configurations
Node
ciscosecure_access_control_server_solution_engineMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | secure_access_control_server_solution_engine | - | cpe:/h:cisco:secure_access_control_server_solution_engine:-::: |
Related
cisco
cisco
Cisco Access Control Server Privilege Escalation Vulnerability
2013-06-11 14:58:52
cvelist
cvelist
CVE-2013-3380
2022-10-03 16:14:44
nvd
nvd
CVE-2013-3380
2013-06-12 03:30:15
prion
prion
Information disclosure
2013-06-12 03:30:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.001
Percentile
40.3%
Related for CVE-2013-3380