CVE-2017-12354

Description

A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155.

Risk Information

Base Score

5.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Exploitation Probability

0.501

Associated Vulnerability

Vulnerability	OS Platform
Cisco Secure Access Control System Information Disclosure Vulnerability For Cisco Secure Access Control Server Solution Engine	NCM
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-12354)	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1705698	Security Update for Cisco Secure Access Control Server Solution Engine 5.8(0.32.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234