What is CVE-2011-0951?

CVE-2011-0951 is a vulnerability in Cisco Secure_access_control_system, classified under CWE-255. Published 2011-04-04.

Is CVE-2011-0951 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Secure_access_control_system

CVE-2011-0951

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

EPSS: 0.680 (98.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system — versions 5.1, 5.1.0.44, 5.1.0.44.1
N/a — versions n/a

Weakness classification (CWE)

CWE-255

Public proof-of-concept exploits

rapid7/metasploit-framework

References

43924 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1025271 (vdb-entry, x_refsource_SECTRACK)
ADV-2011-0821 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
20110330 Cisco Secure Access Control System Unauthorized Password Change Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-acs-interface-security-bypass(66471) (vdb-entry, x_refsource_XF)
47093 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2011-0951?: CVE-2011-0951 is a vulnerability in Cisco Secure_access_control_system, classified under CWE-255. Published 2011-04-04.
Is CVE-2011-0951 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.