{ "id": "CVE-2011-0951", "sourceIdentifier": "ykramarz@cisco.com", "published": "2011-04-04T12:27:36.843", "lastModified": "2017-08-17T01:33:45.400", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440." }, { "lang": "es", "value": "La interfaz de gesti\u00f3n basada en web en Cisco Secure Access Control System ( ACS ) v5.1 y v5.2 antes de v5.1.0.44.6 5.2.0.26.3, permite a atacantes remotos cambiar las contrase\u00f1as de usuario de forma arbitraria a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como CSCtl77440 ID de error." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-255" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2CF8363-45D0-43C8-B7B9-3F6BC2234A30" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "07DE9E4E-2F14-4A31-AFC3-154B1844AE03" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*", "matchCriteriaId": "401107FC-A04B-4375-8C3C-33E7180EDA16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*", "matchCriteriaId": "BE77C1EB-585A-453E-80C4-D5CE79A99B50" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6BC5C61-A23C-4536-B659-75520AC5129C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F31E15C-954C-47BF-A461-D4051ADAF1FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*", "matchCriteriaId": "BE8F7733-1E65-4D6C-91D0-6E0D56F1BD28" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "04BBADC0-EAAB-49D8-94B3-4DA6F308BD77" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "0BD85C33-787C-4495-A37F-842098361872" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:*:*:*:*:*:*:*", "matchCriteriaId": "09622F03-6BEB-483F-9A67-1E6F78536C61" }, { "vulnerable": true, "criteria": "cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:*:*:*:*:*:*:*", "matchCriteriaId": "1922B2DD-14C3-458E-9F41-46262B98EC60" } ] } ] } ], "references": [ { "url": "http://securitytracker.com/id?1025271", "source": "ykramarz@cisco.com" }, { "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/47093", "source": "ykramarz@cisco.com" }, { "url": "http://www.vupen.com/english/advisories/2011/0821", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66471", "source": "ykramarz@cisco.com" } ] }