CVE-2013-3380: Infoleak
First published: Wed Jun 12 2013(Updated: )
The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Secure ACS Solution Engine |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-3380?
CVE-2013-3380 is classified as a medium severity vulnerability.
How do I fix CVE-2013-3380?
To fix CVE-2013-3380, apply the latest security patches provided by Cisco for the Access Control Server.
Who is affected by CVE-2013-3380?
Users of Cisco Secure Access Control System (ACS) with the administrative web interface are affected by CVE-2013-3380.
What does CVE-2013-3380 allow an attacker to do?
CVE-2013-3380 allows remote authenticated users to access sensitive information through unrestricted access to the report view page.
Is there any workaround for CVE-2013-3380?
Currently, there are no known workarounds for CVE-2013-3380 other than applying the necessary updates.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco secure acs solution engine