Cisco: CISCO-SA-20140115-CSACS
Jan 15, 2014 - 4:00 p.m.

Multiple Vulnerabilities in Cisco Secure Access Control System

2014-01-15 16:00:00
tools.cisco.com
CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.011 Low (Percentile: 84.3%)

Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities:

Cisco Secure ACS RMI Privilege Escalation Vulnerability
Cisco Secure ACS RMI Unauthenticated User Access Vulnerability
Cisco Secure ACS Operating System Command Injection Vulnerability

Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for internode communication using TCP ports 2020 and 2030.

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Cisco has released software updates that address these vulnerabilities. This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

Network-based mitigations for the RMI-based vulnerabilities are outlined in the Cisco Applied Mitigation Bulletin "Identifying and Mitigating the Multiple Vulnerabilities in Cisco Secure Access Control System":
https://sec.cloudapps.cisco.com/security/center/viewAMBAlert.x?alertId=32120
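
One way to check that the RMI ports named above (TCP 2020 and 2030) are reached only by other ACS nodes, as an added example that is not taken from Cisco's advisory or the Applied Mitigation Bulletin. The flow-log format, the node addresses and the sample records are constructed assumptions.

```python
import ipaddress

RMI_PORTS = {2020, 2030}  # TCP ports the advisory names for ACS internode RMI

# Constructed sample data: hypothetical ACS node addresses and flow records.
ACS_NODES = {"10.10.0.11", "10.10.0.12"}
SAMPLE_FLOWS = """\
2014-01-16T09:00:01Z tcp 10.10.0.12 51512 10.10.0.11 2020 ACCEPT
2014-01-16T09:00:07Z tcp 192.0.2.44 40211 10.10.0.11 2020 ACCEPT
2014-01-16T09:01:13Z tcp 192.0.2.44 40212 10.10.0.12 2030 DENY
2014-01-16T09:02:30Z tcp 10.20.5.9 33100 10.10.0.11 443 ACCEPT
2014-01-16T09:03:02Z udp 192.0.2.44 40300 10.10.0.11 2020 ACCEPT
malformed line
"""

def parse_flow(line):
    """Parse 'ts proto src sport dst dport action'; return None if malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, proto, src, _sport, dst, dport, action = parts
    try:
        return {"ts": ts, "proto": proto.lower(),
                "src": str(ipaddress.ip_address(src)),
                "dst": str(ipaddress.ip_address(dst)),
                "dport": int(dport), "action": action.upper()}
    except ValueError:
        return None

def rmi_findings(log_text, acs_nodes=ACS_NODES):
    """Return flows to TCP 2020/2030 on an ACS node from a non-ACS source."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp":
            continue
        if (flow["dst"] in acs_nodes and flow["dport"] in RMI_PORTS
                and flow["src"] not in acs_nodes):
            # ACCEPT means the filter let a non-peer reach the RMI interface.
            status = "exposed" if flow["action"] == "ACCEPT" else "blocked-attempt"
            findings.append((flow["ts"], flow["src"], flow["dst"],
                             flow["dport"], status))
    return findings

if __name__ == "__main__":
    for finding in rmi_findings(SAMPLE_FLOWS):
        print(*finding)
```

An "exposed" result means a host outside the ACS deployment completed a connection to an RMI port, which is the condition the network-based mitigations are meant to prevent.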

Affected configurations

Vulners
Node: cisco secure_access_control_system (match: any)
OR
Node: cisco secure_access_control_system (match: any)
