PROBLEM:
A vulnerability was reported in Cisco Mobility Services Engine. A remote user can login anonymously.
PLATFORM:
Cisco Mobility Services Engine
ABSTRACT:
A vulnerability in Cisco Mobility Services Engine could allow an unauthenticated, remote attacker to connect to a database replication port anonymously via Secure Sockets Layer (SSL).
REFERENCE LINKS:
SecurityTracker Alert ID: 1028972
CVE-2013-3469
IMPACT ASSESSMENT:
Medium
DISCUSSION:
The vulnerability is due to the misconfiguration of the Oracle SSL service. An attacker could exploit this vulnerability by connecting to an unprotected port. An exploit could allow the attacker to login as an anonymous user.
IMPACT:
User access via network
SOLUTION:
The vendor has issued a fix