PT-2017-12519 · Cisco · Cisco Secure Access Control System
Publicado
2017-11-30
·
Atualizado
2019-10-09
·
CVE-2017-12354
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Secure Access Control System (ACS) (affected versions not specified)
Description
A vulnerability in the web-based interface could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The issue exists because the software does not sufficiently protect system software version information when responding to HTTP requests. An attacker could exploit this by sending crafted HTTP requests to the web-based interface. A successful exploit could allow the attacker to view sensitive information, which could be used to conduct additional reconnaissance attacks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Secure Access Control System