Vigil@nce - Cisco Application Control Engine: connection in
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When Cisco Application Control Engine is configured in
multicontext mode, an attacker who has a valid account, can
authenticate, and access to the administrative interface of
another context.
Severity: 1/4
Creation date: 20/06/2012
IMPACTED PRODUCTS
– Cisco Application Control Engine
DESCRIPTION OF THE VULNERABILITY
The Cisco Application Control Engine product can be configured in
multicontext mode. Several administration instances are thus
available on the same IP address.
However, in some cases, an administrator can authenticate, and
access to the context of another administration instance.
When Cisco Application Control Engine is configured in
multicontext mode, an attacker who has a valid account, can
therefore authenticate, and access to the administrative interface
of another context.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN