CVE-2011-0951

high

Description

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66471

http://www.vupen.com/english/advisories/2011/0821

http://www.securityfocus.com/bid/47093

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml

http://securitytracker.com/id?1025271

http://secunia.com/advisories/43924

Details

Source: Mitre, NVD

Published: 2011-04-04

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High