CVE-2015-0673: Infoleak
First published: Thu Mar 26 2015(Updated: )
Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Mobility Services Engine | =8.0\(110.0\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0673?
CVE-2015-0673 is classified as a high-severity vulnerability that allows remote authenticated users to discover passwords.
How do I fix CVE-2015-0673?
To mitigate CVE-2015-0673, Cisco recommends upgrading to a patched version of the Mobility Services Engine software.
Who is affected by CVE-2015-0673?
CVE-2015-0673 affects users of Cisco Mobility Services Engine version 8.0(110.0).
What type of access is required to exploit CVE-2015-0673?
CVE-2015-0673 can be exploited by remote authenticated users with access to the affected system.
What are the potential impacts of CVE-2015-0673?
The exploitation of CVE-2015-0673 may lead to unauthorized password disclosure, compromising user accounts.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/event
- agent/description
- agent/softwarecombine
- vendor/cisco
- canonical/cisco mobility services engine
- version/cisco mobility services engine/8.0\(110.0\)