Cisco-SA-20150324-CVE-2015-0673

Cisco Mobility Service Engine Password Information Disclosure Vulnerability

Cisco-SA-20150324-CVE-2015-0673 · Medium · Published 11 years ago · Updated 11 years ago

A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to insufficient security restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to retrieve the password of other legitimate users of the affected device via log files or through the GUI. A successful exploit could be leveraged to conduct further attacks. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must authenticate to the affected device. This access requirement decreases the likelihood of a successful exploit.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs	CVE-2015-0673
Cisco Bug IDs	CSCut24792
CVSS Score	Base 4.0 Base 4.0 AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source	Cisco Mobility Services Engine

CSAF Product Statuses

Product	Status	Source	CVE	Rows
Cisco Mobility Services Engine	known_affected	cisco_csaf	CVE-2015-0673	1

Related Products

Product	CVE	Evidence
Cisco Mobility Services Engine	CVE-2015-0673	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Mobility Service Engine Password Information Disclosure Vulnerability

Workarounds

CSAF Product Statuses

Related Products