Vulnerability Details : CVE-2012-3063
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058.
Products affected by CVE-2012-3063
- cpe:2.3:a:cisco:application_control_engine_software:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a5\(1.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(1.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a1\(7\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a1\(8\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a1\(8a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a1\(7b\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a4\(1.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a4\(1.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a4\(2.2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a1\(7a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.7\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.5\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a4\(2.1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:application_control_engine_software:a3\(2.6\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3063
- Probability of exploitation activity in the next 30 days: 0.14%
- Percentile (the proportion of vulnerabilities that are scored at or less): ~49%
CVSS scores for CVE-2012-3063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:H/Au:S/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2012-3063
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3063
- http://www.securitytracker.com/id?1027188
  Cisco Application Control Engine IP Address Overlap May Let Remote Authenticated Administrators Login to the Incorrect Context - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace
  Cisco Application Control Engine Administrator IP Address Overlap Vulnerability (Vendor Advisory)