6 vulnerabilities found for application_control_engine_software by cisco
FKIE_CVE-2016-1297
Vulnerability from fkie_nvd - Published: 2016-02-26 05:59 - Updated: 2025-04-12 10:46
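Severity: HIGH (CVSS v3.0 base score 8.8, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS v2 base score 9.0, AV:N/AC:L/Au:S/C:C/I:C/A:C)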
Summary
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_control_engine_software | a5\(1.0\) | |
| cisco | application_control_engine_software | a5\(1.1\) | |
| cisco | application_control_engine_software | a5\(1.2\) | |
| cisco | application_control_engine_software | a5\(2.0\) | |
| cisco | application_control_engine_software | a5\(2.1\) | |
| cisco | application_control_engine_software | a5\(2.1e\) | |
| cisco | application_control_engine_software | a5\(3.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B30ACF96-F3BB-48C6-8CC8-06305F04D137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5AB819FC-9181-4625-8679-FC413FEEB771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "16C9EBEB-23D0-4894-9CE8-2B09BADDDFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9B5BB899-2DC6-4EA2-897A-3293EA06DB58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF2542D0-E96D-40AA-9352-CABC35FAE18E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "227DD48F-F442-43B5-A417-D9DC7D461253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(3.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "147FC771-0066-41A9-B750-31FD0DB20D63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
},
{
"lang": "es",
"value": "El Device Manager GUI en Cisco Application Control Engine (ACE) 4710 A5 en versiones anteriores a A5(3.1) permite a usuarios remotos autenticados eludir las restricciones RBAC previstas y ejecutar comandos CLI arbitrarios con privilegios de administrador a trav\u00e9s de un par\u00e1metro no especificado en una petici\u00f3n POST, tambi\u00e9n conocida como Bug ID CSCul84801."
}
],
"id": "CVE-2016-1297",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-26T05:59:00.130",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1035104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035104"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3063
Vulnerability from fkie_nvd - Published: 2012-06-20 20:55 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2 base score 7.1, AV:N/AC:H/Au:S/C:C/I:C/A:C; the record carries no CVSS v3 metric)
Summary
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_control_engine_software | * | |
| cisco | application_control_engine_software | a1\(7\) | |
| cisco | application_control_engine_software | a1\(7a\) | |
| cisco | application_control_engine_software | a1\(7b\) | |
| cisco | application_control_engine_software | a1\(8\) | |
| cisco | application_control_engine_software | a1\(8a\) | |
| cisco | application_control_engine_software | a3\(1.0\) | |
| cisco | application_control_engine_software | a3\(2.1\) | |
| cisco | application_control_engine_software | a3\(2.2\) | |
| cisco | application_control_engine_software | a3\(2.3\) | |
| cisco | application_control_engine_software | a3\(2.4\) | |
| cisco | application_control_engine_software | a3\(2.5\) | |
| cisco | application_control_engine_software | a3\(2.6\) | |
| cisco | application_control_engine_software | a3\(2.7\) | |
| cisco | application_control_engine_software | a4\(1.0\) | |
| cisco | application_control_engine_software | a4\(1.1\) | |
| cisco | application_control_engine_software | a4\(2.1\) | |
| cisco | application_control_engine_software | a4\(2.2\) | |
| cisco | application_control_engine_software | a5\(1.0\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "601952FD-E7DF-40F9-94B0-36282CFABF94",
"versionEndIncluding": "a4\\(2.0\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D224D965-E0E4-4378-B22F-97EDE52E8F7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C6DCA3ED-54C1-41AA-A122-78D35E5FE075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(7b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4D0BD8DA-FE6A-422A-B5B2-B47F66F11C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6395801F-58D4-40DF-A6B7-49E13C9FD6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a1\\(8a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D87A6F96-E8B7-4F8D-A655-D20FA351D596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E7863207-48D0-4BEE-A5D5-149F75B67FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "686ABAC2-F87F-4171-86B9-340D166F3D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E97F5C1-57D0-43A8-8BF7-14374BB8087C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "24CA0A33-C8B0-4B60-A8E7-F88C58307DEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C52B749E-BEF8-45FA-A133-02A349F61004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C5D103A-C08C-4B46-93C1-2231B1071BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0D0FF7B0-049E-4078-BDB9-E8D262507D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a3\\(2.7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9B868F36-19B8-4503-80FC-D8F476F563E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1A7D415C-D321-454B-8480-384A50BF57CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(1.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F67F38F5-27F1-412D-A459-5EBC21DAC212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(2.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "62809902-3704-4EEA-BFC4-4D13DCD39B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a4\\(2.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3D9878AB-E068-4A29-9420-65D93FB5BBBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B30ACF96-F3BB-48C6-8CC8-06305F04D137",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
},
{
"lang": "es",
"value": "Cisco Application Control Engine (ACE) antes de A4(2.3) y A5 antes de A5(1.1), cuando el modo multicontexto est\u00e1 habilitado, no comparte debidamente una direcci\u00f3n IP de administraci\u00f3n entre los diferentes contextos, lo que permite eludir las restricciones de acceso previstas a los administradores remotos autenticados en determinadas circunstancias, y leer o modificar la configuraci\u00f3n, a trav\u00e9s de un intento de acceso a un contexto. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCts30631, una vulnerabilidad diferente a CVE-2012-3058."
}
],
"id": "CVE-2012-3063",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-20T20:55:02.747",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1027188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027188"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-1297 (GCVE-0-2016-1297)
Vulnerability from cvelistv5 – Published: 2016-02-26 02:00 – Updated: 2024-08-05 22:48
Summary
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
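| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1035104 | vdb-entry, x_refsource_SECTRACK |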
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1297",
"datePublished": "2016-02-26T02:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3063 (GCVE-0-2012-3063)
Vulnerability from cvelistv5 – Published: 2012-06-20 20:00 – Updated: 2024-08-06 19:50
Summary
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
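| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1027188 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace | vendor-advisory, x_refsource_CISCO |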
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-22T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1027188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3063",
"datePublished": "2012-06-20T20:00:00",
"dateReserved": "2012-05-30T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1297 (GCVE-0-2016-1297)
Vulnerability from nvd – Published: 2016-02-26 02:00 – Updated: 2024-08-05 22:48
Summary
The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
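| URL | Tags |
|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace | vendor-advisory, x_refsource_CISCO |
| http://www.securitytracker.com/id/1035104 | vdb-entry, x_refsource_SECTRACK |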
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160224 Cisco ACE 4710 Application Control Engine Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace"
},
{
"name": "1035104",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1297",
"datePublished": "2016-02-26T02:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:48:13.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3063 (GCVE-0-2012-3063)
Vulnerability from nvd – Published: 2012-06-20 20:00 – Updated: 2024-08-06 19:50
Summary
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
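| URL | Tags |
|---|---|
| http://www.securitytracker.com/id?1027188 | vdb-entry, x_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace | vendor-advisory, x_refsource_CISCO |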
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1027188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-22T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1027188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-3063",
"datePublished": "2012-06-20T20:00:00",
"dateReserved": "2012-05-30T00:00:00",
"dateUpdated": "2024-08-06T19:50:05.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}