Password Information Disclosure Vulnerability in Cisco Mobility Services Engine
CVE-2015-0673

Currently unrated

Key Information:

Vendor: Cisco
Status: Mobility Services Engine
Vendor: CVE Published:; 26 March 2015

Summary

The Cisco Mobility Services Engine version 8.0(110.0) is susceptible to a vulnerability that enables remote authenticated users to inadvertently discover passwords of other users. This is achievable through two primary avenues: either by accessing sensitive log files or utilizing an unspecified user interface feature within the application. This exploitation could potentially lead to unauthorized access to user accounts, heightening the risk of further security breaches.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1031971

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Mar 26, 2015
Vulnerability Reserved
Jan 7, 2015