Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Secure Access Control System Information Disclosure Vulnerability

cisco-sa-20170215-acs3 · Medium · Published · Updated

A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are accessed. An unauthenticated attacker with the ability to view configuration parameters could disclose passwords and other sensitive information about the affected system. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-3841
Cisco Bug IDsCSCvc04854
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Secure Access Control System (ACS)

Related Products

Product CVE Evidence
Cisco Secure Access Control System (ACS) CVE-2017-3841 Cisco OpenVuln