CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
43.0%
An issue in the web interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to view detailed error message information.
The issue is due to insufficient filtering of error condition output. An attacker could exploit this issue by forcing the system to generate an error condition.
Cisco has confirmed this vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must authenticate to a targeted device. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | any | cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:* |