Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-3063

Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.

Published

2012-06-20T20:55:02.747

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	application_control_engine_software	≤ a4\(2.0\)	Yes
Application	cisco	application_control_engine_software	a1\(7\)	Yes
Application	cisco	application_control_engine_software	a1\(7a\)	Yes
Application	cisco	application_control_engine_software	a1\(7b\)	Yes
Application	cisco	application_control_engine_software	a1\(8\)	Yes
Application	cisco	application_control_engine_software	a1\(8a\)	Yes
Application	cisco	application_control_engine_software	a3\(1.0\)	Yes
Application	cisco	application_control_engine_software	a3\(2.1\)	Yes
Application	cisco	application_control_engine_software	a3\(2.2\)	Yes
Application	cisco	application_control_engine_software	a3\(2.3\)	Yes
Application	cisco	application_control_engine_software	a3\(2.4\)	Yes
Application	cisco	application_control_engine_software	a3\(2.5\)	Yes
Application	cisco	application_control_engine_software	a3\(2.6\)	Yes
Application	cisco	application_control_engine_software	a3\(2.7\)	Yes
Application	cisco	application_control_engine_software	a4\(1.0\)	Yes
Application	cisco	application_control_engine_software	a4\(1.1\)	Yes
Application	cisco	application_control_engine_software	a4\(2.1\)	Yes
Application	cisco	application_control_engine_software	a4\(2.2\)	Yes
Application	cisco	application_control_engine_software	a5\(1.0\)	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace Vendor Advisory ([email protected])
http://www.securitytracker.com/id?1027188 ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1027188 (af854a3a-2127-422b-91ae-364da2661108)