- Description
- The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_access_control_server_solution_engine:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF4FCB3-CA89-4F76-B84B-5BE789AAB413"
}
],
"operator": "OR"
}
]
}
]