CVE-2012-3063

Published Jun 20, 2012

Last updated 12 years ago

CVSS info 7.1

Overview

Description: Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.1
Impact score: 10
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "601952FD-E7DF-40F9-94B0-36282CFABF94",
            "versionEndIncluding": "a4\\(2.0\\)"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D224D965-E0E4-4378-B22F-97EDE52E8F7F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7a\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6DCA3ED-54C1-41AA-A122-78D35E5FE075"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7b\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D0BD8DA-FE6A-422A-B5B2-B47F66F11C66"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(8\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6395801F-58D4-40DF-A6B7-49E13C9FD6A5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(8a\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D87A6F96-E8B7-4F8D-A655-D20FA351D596"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(1.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7863207-48D0-4BEE-A5D5-149F75B67FB5"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "686ABAC2-F87F-4171-86B9-340D166F3D70"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E97F5C1-57D0-43A8-8BF7-14374BB8087C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.3\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24CA0A33-C8B0-4B60-A8E7-F88C58307DEE"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.4\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C52B749E-BEF8-45FA-A133-02A349F61004"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.5\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C5D103A-C08C-4B46-93C1-2231B1071BD1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.6\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D0FF7B0-049E-4078-BDB9-E8D262507D2B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.7\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B868F36-19B8-4503-80FC-D8F476F563E1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(1.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A7D415C-D321-454B-8480-384A50BF57CC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(1.1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67F38F5-27F1-412D-A459-5EBC21DAC212"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(2.1\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62809902-3704-4EEA-BFC4-4D13DCD39B3A"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(2.2\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D9878AB-E068-4A29-9420-65D93FB5BBBF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.0\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B30ACF96-F3BB-48C6-8CC8-06305F04D137"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References