PT-2017-12519 · Cisco · Cisco Secure Access Control System
Published
2017-11-30
·
Updated
2019-10-09
·
CVE-2017-12354
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Secure Access Control System (ACS) (affected versions not specified)
Description
A vulnerability in the web-based interface could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The issue exists because the software does not sufficiently protect system software version information when responding to HTTP requests. An attacker could exploit this by sending crafted HTTP requests to the web-based interface. A successful exploit could allow the attacker to view sensitive information, which could be used to conduct additional reconnaissance attacks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Secure Access Control System