Management IP Address Overlap Vulnerability in Cisco Application Control Engine
CVE-2012-3063

Currently unrated

Key Information:

Vendor: Cisco
Status: Application Control Engine Software
Vendor: CVE Published:; 20 June 2012

Summary

Cisco Application Control Engine (ACE) versions before A4(2.3) and A5 before A5(1.1) are susceptible to a vulnerability that arises when multicontext mode is enabled. This vulnerability allows remote authenticated administrators to exploit improper management IP address sharing among multiple contexts, potentially leading to circumvention of intended access restrictions. As a result, unauthorized alterations to configuration settings may occur during login attempts to affected contexts, which poses a significant risk to system integrity and configuration confidentiality. For more information, refer to Cisco's advisory on this issue.

References

http://www.securitytracker.com/id?1027188

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Jun 20, 2012
Vulnerability Reserved
May 30, 2012