Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-0533
Last Modified: 07 Mar 2011 10:04:51
Published: 14 Mar 2008 04:44:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-0533

Summary

Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.

Vulnerable Systems

Application

  • Cisco ACS for Windows

  • Cisco ACS Solution Engine

  • Cisco User Changeable Password 4.1


References

CISCO - 20080312 Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities

SECUNIA - 29351

XF - cisco-acs-ucp-csusercgi-xss(41156)

VUPEN - ADV-2008-0868

BID - 28222

BUGTRAQ - 20080312 Cisco ACS UCP Remote Pre-Authentication Buffer Overflows

MISC - http://www.recurity-labs.com/content/pub/RecurityLabs_Cisco_ACS_UCP_advisory.txt

SECTRACK - 1019607

SREASON - 3743


Last Updated: 27 May 2016 10:46:50