| Vulnerability Name: | CVE-2013-3380 (CCN-84890) | ||||||||
| Assigned: | 2013-06-10 | ||||||||
| Published: | 2013-06-10 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.3 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-3380 Source: CCN Type: Cisco Security Notice Cisco Access Control Server Privilege Escalation Vulnerability Source: CISCO Type: Vendor Advisory 20130610 Cisco Access Control Server Privilege Escalation Vulnerability Source: XF Type: UNKNOWN cisco-acs-cve20133380-info-disc(84890) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||