Vulnerabilities > Cisco > Secure Access Control Server

DATE CVE VULNERABILITY TITLE RISK
2015-10-30 CVE-2015-6349 Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
cisco CWE-79
4.3
2015-10-30 CVE-2015-6348 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
network
low complexity
cisco CWE-264
4.0
2015-10-30 CVE-2015-6347 Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control Server 5.7.0.15
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
network
low complexity
cisco CWE-264
4.0
2015-10-30 CVE-2015-6346 Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
cisco CWE-79
4.3
2015-10-30 CVE-2015-6345 SQL Injection vulnerability in Cisco Secure Access Control Server 5.7.0.15
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
network
low complexity
cisco CWE-89
6.5
2015-09-20 CVE-2015-6300 Improper Input Validation vulnerability in Cisco Secure Access Control Server 5.7.0.15
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
network
low complexity
cisco CWE-20
4.0
2015-05-22 CVE-2015-0746 7PK - Security Features vulnerability in Cisco Secure Access Control Server 5.5(0.46.2)
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
network
low complexity
cisco CWE-254
5.0
2015-05-16 CVE-2015-0729 Cross-site Scripting vulnerability in Cisco Secure Access Control Server 5.5(0.1)
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.
network
cisco CWE-79
4.3
2013-08-29 CVE-2013-3466 Improper Authentication vulnerability in Cisco Secure Access Control Server
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
network
cisco CWE-287
critical
9.3
2012-11-07 CVE-2012-5424 Improper Input Validation vulnerability in Cisco Secure Access Control Server
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
network
low complexity
cisco CWE-20
5.0