Vulnerability Details: CVE-2011-0951
Public exploit exists!
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.
Exploit prediction scoring system (EPSS) score for CVE-2011-0951
Probability of exploitation activity in the next 30 days: 1.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~85%
Metasploit modules for CVE-2011-0951
- Cisco Secure ACS Unauthorized Password Change
  First seen: 2020-07-16
  Module: auxiliary/admin/networking/cisco_secure_acs_bypass
  This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well as version 5.2 with either no patches
- Cisco Secure ACS Unauthorized Password Change
  First seen: 2020-04-26
  Module: auxiliary/admin/cisco/cisco_secure_acs_bypass
  This module exploits an authentication bypass issue which allows arbitrary password change requests to be issued for any user in the local store. Instances of Secure ACS running version 5.1 with patches 3, 4, or 5 as well
CVSS scores for CVE-2011-0951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
CWE ids for CVE-2011-0951
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0951
- http://www.securityfocus.com/bid/47093
  Cisco Secure Access Control System (ACS) Unauthorized Password Change Security Bypass Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66471
  Cisco Secure Access Control System interface security bypass CVE-2011-0951 Vulnerability Report
- http://securitytracker.com/id?1025271
  Cisco Secure Access Control System Management Interface Bug Lets Remote Users Change Arbitrary User Passwords - SecurityTracker
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml
  Cisco Secure Access Control System Unauthorized Password Change Vulnerability - Cisco (Vendor Advisory)
- http://www.vupen.com/english/advisories/2011/0821
  (Vendor Advisory)
Products affected by CVE-2011-0951
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*