Vulnerability Details : CVE-2011-0963
The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922.
Exploit prediction scoring system (EPSS) score for CVE-2011-0963
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 57 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0963
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0963
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0963
-
http://www.securitytracker.com/id?1025272
Cisco NAC Guest Server Configuration Error Lets Remote Users Bypass Authentication and Access the Network - SecurityTracker
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74114.shtml
Cisco Network Admission Control Guest Server System Software Authentication Bypass Vulnerability - Cisco
Products affected by CVE-2011-0963
- cpe:2.3:h:cisco:nac_guest_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:nac_guest_server_software:1.1.3:*:*:*:*:*:*:*