Cross-Site Request Forgery Vulnerabilities in Cisco Secure Access Control Server
CVE-2011-3293

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 2 May 2012

Summary

Multiple CSRF vulnerabilities in the Solution Engine of Cisco Secure Access Control Server (ACS) 5.2 enable remote attackers to compromise administrator authentication. By leveraging these vulnerabilities, attackers can execute unauthorized actions by inserting malicious cross-site scripting (XSS) sequences into requests. This could allow an attacker to perform actions on behalf of the administrators without their consent, potentially leading to unauthorized access and manipulation of sensitive configurations.

References

http://secunia.com/advisories/49101

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/53436

vdb-entryx_refsource_BID

http://www.cisco.com/web/software/282766937/37718/Acs-5-2...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 2, 2012
Vulnerability Reserved
Aug 29, 2011