Cisco Secure ACS Unauthorized Password Change

medium Nessus Plugin ID 65941

Synopsis

Attempts to change the password for a non-existent user.

Description

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

Solution

Upgrade to Cisco ACS Version 5.4 or later.

See Also

http://www.nessus.org/u?f1d0e383

Plugin Details

Severity: Medium

ID: 65941

File Name: cisco_acs_unath_password_change.nbin

Version: 1.111

Type: remote

Family: CISCO

Published: 4/11/2013

Updated: 7/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2011-0951

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/4/2011

Exploitable With

Metasploit (Cisco Secure ACS Unauthorized Password Change)

Reference Information

CVE: CVE-2011-0951

BID: 47093