Lucene search
HistoryJun 12, 2013 - 3:30 a.m.
CVE-2013-3380
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.7
Confidence
Low
EPSS
0.001
Percentile
40.3%
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Affected configurations
Node
ciscosecure_access_control_server_solution_engineMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | secure_access_control_server_solution_engine | - | cpe:2.3:h:cisco:secure_access_control_server_solution_engine:-:*:*:*:*:*:*:* |
Related
cisco
cisco
Cisco Access Control Server Privilege Escalation Vulnerability
2013-06-11 14:58:52
cvelist
cvelist
CVE-2013-3380
2013-06-12 01:00:00
cve
cve
CVE-2013-3380
2013-06-12 03:30:15
prion
prion
Information disclosure
2013-06-12 03:30:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.7
Confidence
Low
EPSS
0.001
Percentile
40.3%
Related for NVD:CVE-2013-3380