ID
VAR-201206-0114
CVE
CVE-2012-3063
TITLE
Cisco Application Control Engine (ACE) Vulnerable to access restrictions
Trust: 0.8
DESCRIPTION
Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. The problem is Bug ID CSCts30631 It is a problem. Cisco Application Control Engine (ACE) is prone to a security-bypass vulnerability. An attacker can exploit this issue to change the security settings in an unintended context as the administrator
Trust: 2.07
AFFECTED PRODUCTS
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a1\(8a\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a1\(7b\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a5\(1.0\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.1\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.3\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a1\(7a\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a4\(2.1\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a1\(8\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a4\(2.2\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.6\) | Trust: 1.6 |
| vendor: | cisco | model: | application control engine software | scope: | lte | version: | a4\(2.0\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(1.0\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a1\(7\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.4\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.7\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.2\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a4\(1.1\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a4\(1.0\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine software | scope: | eq | version: | a3\(2.5\) | Trust: 1.0 |
| vendor: | cisco | model: | application control engine | scope: | lt | version: | a5 | Trust: 0.8 |
| vendor: | cisco | model: | application control engine | scope: | eq | version: | a5(1.1) | Trust: 0.8 |
| vendor: | cisco | model: | application control engine module | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | application control engine | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | cisco | model: | application control engine a5 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | cisco | model: | application control engine a4 | scope: | ne | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-362 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
competitive condition
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20120620-ace | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace | Trust: 0.8 |
| title: | cisco-sa-20120620-ace | url: | http://www.cisco.com/cisco/web/support/JP/111/1115/1115490_cisco-sa-20120620-ace-j.html | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-3063 | Trust: 2.9 |
| db: | SECTRACK | id: | 1027188 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2012-002815 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201206-378 | Trust: 0.7 |
| db: | NSFOCUS | id: | 19869 | Trust: 0.6 |
| db: | CISCO | id: | 20120620 CISCO APPLICATION CONTROL ENGINE ADMINISTRATOR IP ADDRESS OVERLAP VULNERABILITY | Trust: 0.6 |
| db: | BID | id: | 54129 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-56344 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2012-3063 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120620-ace | Trust: 2.1 |
| url: | http://www.securitytracker.com/id?1027188 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3063 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3063 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/19869 | Trust: 0.6 |
| url: | http://www.cisco.com/en/us/prod/collateral/modules/ps2706/ps6906/prod_bulletin0900aecd8045859e.html | Trust: 0.3 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/362.html | Trust: 0.1 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=26163 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-56344 |
| db: | VULMON | id: | CVE-2012-3063 |
| db: | BID | id: | 54129 |
| db: | JVNDB | id: | JVNDB-2012-002815 |
| db: | CNNVD | id: | CNNVD-201206-378 |
| db: | NVD | id: | CVE-2012-3063 |
LAST UPDATE DATE
2025-04-11T23:14:50.688000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-56344 | date: | 2013-03-22T00:00:00 |
| db: | VULMON | id: | CVE-2012-3063 | date: | 2013-03-22T00:00:00 |
| db: | BID | id: | 54129 | date: | 2012-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-002815 | date: | 2012-06-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201206-378 | date: | 2012-06-21T00:00:00 |
| db: | NVD | id: | CVE-2012-3063 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-56344 | date: | 2012-06-20T00:00:00 |
| db: | VULMON | id: | CVE-2012-3063 | date: | 2012-06-20T00:00:00 |
| db: | BID | id: | 54129 | date: | 2012-06-20T00:00:00 |
| db: | JVNDB | id: | JVNDB-2012-002815 | date: | 2012-06-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201206-378 | date: | 2012-06-21T00:00:00 |
| db: | NVD | id: | CVE-2012-3063 | date: | 2012-06-20T20:55:02.747 |