CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile
41.8%
A vulnerability in the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to insufficient security restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to retrieve the password of other legitimate users of the affected device via log files or through the GUI. A successful exploit could be leveraged to conduct further attacks.
Cisco has confirmed the vulnerability and released software updates.
To exploit this vulnerability, an attacker must authenticate to the affected device. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | mobility_services_engine | any | cpe:2.3:h:cisco:mobility_services_engine:any:*:*:*:*:*:*:* |