CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
66.2%
A vulnerability in the web interface of Cisco Server Provisioner could allow an unauthenticated, remote attacker to access some pages directly that should require authentication.
The vulnerability is due to a failure to enforce access controls for the vulnerable pages. An attacker could exploit this vulnerability by directly browsing to the vulnerable pages.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks in which the targeted device may reside, which may decrease the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | server_provisioner | any | cpe:2.3:a:cisco:server_provisioner:any:*:*:*:*:*:*:* |