CVE-2011-0951
First published: Fri Apr 01 2011(Updated: )
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Access Control System | =5.2 | |
| Cisco Secure Access Control System | =5.2.0.26 | |
| Cisco Secure Access Control System | =5.1.0.44.2 | |
| Cisco Secure Access Control System | =5.1.0.44 | |
| Cisco Secure Access Control System | =5.1.0.44.5 | |
| Cisco Secure Access Control System | =5.1.0.44.3 | |
| Cisco Secure Access Control System | =5.1.0.44.1 | |
| Cisco Secure Access Control System | =5.2.0.26.2 | |
| Cisco Secure Access Control System | =5.1 | |
| Cisco Secure Access Control System | =5.2.0.26.1 | |
| Cisco Secure Access Control System | =5.1.0.44.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/47093
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml
- http://securitytracker.com/id?1025271
- http://www.vupen.com/english/advisories/2011/0821
- http://secunia.com/advisories/43924
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66471
Frequently Asked Questions
What is the severity of CVE-2011-0951?
CVE-2011-0951 is classified as a high-severity vulnerability that allows attackers to change arbitrary user passwords.
How do I fix CVE-2011-0951?
To mitigate CVE-2011-0951, you should upgrade to Cisco Secure Access Control System version 5.2.0.26.3 or later, or 5.1.0.44.6 or later.
Which versions of Cisco Secure Access Control System are affected by CVE-2011-0951?
CVE-2011-0951 affects Cisco Secure Access Control System versions 5.1 and 5.2 prior to their respective patched releases.
What type of attack is facilitated by CVE-2011-0951?
CVE-2011-0951 facilitates remote attacks that can lead to unauthorized password changes for users.
Is there a workaround for CVE-2011-0951?
There is no documented workaround for CVE-2011-0951, so the recommended action is to apply the software update.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/cisco
- canonical/cisco secure access control system
- version/cisco secure access control system/5.2
- version/cisco secure access control system/5.2.0.26
- version/cisco secure access control system/5.1.0.44.2
- version/cisco secure access control system/5.1.0.44
- version/cisco secure access control system/5.1.0.44.5
- version/cisco secure access control system/5.1.0.44.3
- version/cisco secure access control system/5.1.0.44.1
- version/cisco secure access control system/5.2.0.26.2
- version/cisco secure access control system/5.1
- version/cisco secure access control system/5.2.0.26.1
- version/cisco secure access control system/5.1.0.44.4