Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.1
CVE Id CVE-2012-3063
Last Modified 21 Mar 2013 11:11:05
Published 20 Jun 2012 04:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2012-3063

Summary

Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.

Vulnerable Systems

Application

  • Cisco Application Control Engine Software A1(7)

  • Cisco Application Control Engine Software A1(7a)

  • Cisco Application Control Engine Software A1(7b)

  • Cisco Application Control Engine Software A1(8)

  • Cisco Application Control Engine Software A1(8a)

  • Cisco Application Control Engine Software A3(1.0)

  • Cisco Application Control Engine Software A3(2.1)

  • Cisco Application Control Engine Software A3(2.2)

  • Cisco Application Control Engine Software A3(2.3)

  • Cisco Application Control Engine Software A3(2.4)

  • Cisco Application Control Engine Software A3(2.5)

  • Cisco Application Control Engine Software A3(2.6)

  • Cisco Application Control Engine Software A3(2.7)

  • Cisco Application Control Engine Software A4(1.0)

  • Cisco Application Control Engine Software A4(1.1)

  • Cisco Application Control Engine Software A4(2.0)

  • Cisco Application Control Engine Software A4(2.1)

  • Cisco Application Control Engine Software A4(2.2)

  • Cisco Application Control Engine Software A5(1.0)


References

CISCO - 20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability

SECTRACK - 1027188


Last Updated: 27 May 2016 10:56:33