CVE-2011-0951

Cisco Secure Access Control System - Unauthenticated Arbitrary Password Change


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0951. Includes Metasploit module auxiliary/admin/networking/cisco_secure_acs_bypass.

AI-analyzed exploit summary: This Metasploit module exploits an authentication bypass vulnerability in Cisco Secure ACS to change the password of any user in the local store. It sends a crafted SOAP request to the UCP WebService endpoint to achieve this.

Description

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

Exploits (1)

metasploit (working PoC, ruby)
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/cisco_secure_acs_bypass.rb


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Cisco Secure ACS versions 5.1 (patches 3, 4, or 5) and 5.2 (no patches or patches 1 and 2)
No auth needed
Prerequisites: Network access to the target system · Valid username to change the password for
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43924
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025271
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0821
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/66471
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47093

Scores

EPSS 0.6804
EPSS Percentile 98.6%

Details

CWE: CWE-255
Status: published
Products (11)
cisco/secure_access_control_system 5.1
cisco/secure_access_control_system 5.1.0.44
cisco/secure_access_control_system 5.1.0.44.1
cisco/secure_access_control_system 5.1.0.44.2
cisco/secure_access_control_system 5.1.0.44.3
cisco/secure_access_control_system 5.1.0.44.4
cisco/secure_access_control_system 5.1.0.44.5
cisco/secure_access_control_system 5.2
cisco/secure_access_control_system 5.2.0.26
cisco/secure_access_control_system 5.2.0.26.1
... and 1 more
Published Apr 04, 2011
Tracked Since Feb 18, 2026