Vulnerabilities > Cisco > Secure Access Control System

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2015-03-06 | CVE-2014-2130 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | network; low complexity; cisco CWE-264; 6.5 |
| 2015-02-12 | CVE-2015-0580 | SQL Injection vulnerability in Cisco Secure Access Control System | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. | network; low complexity; cisco CWE-89; 6.5 |
| 2015-01-09 | CVE-2014-8029 | Open Redirection vulnerability in Cisco Secure Access Control Server | Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. | network; cisco; 5.8 |
| 2015-01-09 | CVE-2014-8028 | Cross-site Scripting vulnerability in Cisco Secure Access Control System | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019. | network; cisco CWE-79; 4.3 |
| 2015-01-09 | CVE-2014-8027 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | network; low complexity; cisco CWE-264; 6.5 |
| 2014-01-25 | CVE-2014-0678 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951. | network; low complexity; cisco CWE-264; 5.5 |
| 2014-01-20 | CVE-2014-0668 | Cross-Site Scripting vulnerability in Cisco Secure Access Control System | Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949. | network; cisco CWE-79; 4.3 |
| 2014-01-16 | CVE-2014-0667 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. | network; cisco CWE-264; 6.3 |
| 2014-01-16 | CVE-2014-0650 | Improper Input Validation vulnerability in Cisco Secure Access Control System | The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. | network; low complexity; cisco CWE-20; critical; 10.0 |
| 2014-01-16 | CVE-2014-0649 | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Access Control System | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | network; low complexity; cisco CWE-264; critical; 9.0 |