CVE-2011-3293: CSRF
First published: Wed May 02 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure Access Control Server | =5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2011-3293?
CVE-2011-3293 is classified as a high-severity vulnerability due to its potential for remote attacks.
How do I fix CVE-2011-3293?
To mitigate CVE-2011-3293, update to a patched version of Cisco Secure Access Control Server 5.2.
What type of vulnerability is CVE-2011-3293?
CVE-2011-3293 is a cross-site request forgery (CSRF) vulnerability.
Who is affected by CVE-2011-3293?
Administrators using Cisco Secure Access Control Server version 5.2 are affected by CVE-2011-3293.
What can attackers do with CVE-2011-3293?
Attackers can hijack administrator authentication and perform unauthorized actions by exploiting CVE-2011-3293.
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco secure access control server
- version/cisco secure access control server/5.2