CVE-2011-3293

Published: May 2, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.

Affected (1)

Products: Cisco: Secure Access Control Server

1 product

Secure Access Control Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server	Version 5.2

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://secunia.com/advisories/49101

Source: psirt@cisco.com

http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt

Source: psirt@cisco.com

http://www.securityfocus.com/bid/53436

Source: psirt@cisco.com

http://secunia.com/advisories/49101

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53436

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.