CVE-2011-0951

Cisco Secure Access Control System - Credentials Management

Title source: rule

Description

The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.

Exploits (1)

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/networking/cisco_secure_acs_bypass.rb

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://secunia.com/advisories/43924

[Vendor Advisory] http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml

[Vendor Advisory] http://www.vupen.com/english/advisories/2011/0821

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66471

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47093

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025271

Scores

EPSS 0.6804

EPSS Percentile 98.6%

Details

CWE

CWE-255

Status published

Products (11)

cisco/secure_access_control_system 5.1

cisco/secure_access_control_system 5.1.0.44

cisco/secure_access_control_system 5.1.0.44.1

cisco/secure_access_control_system 5.1.0.44.2

cisco/secure_access_control_system 5.1.0.44.3

cisco/secure_access_control_system 5.1.0.44.4

cisco/secure_access_control_system 5.1.0.44.5

cisco/secure_access_control_system 5.2

cisco/secure_access_control_system 5.2.0.26

cisco/secure_access_control_system 5.2.0.26.1

... and 1 more

Published Apr 04, 2011

Tracked Since Feb 18, 2026