Cisco advisory CISCO-SA-20140127-CVE-2014-0678
Jan 27, 2014 - 2:20 p.m.

Cisco Secure ACS Portal Session Management Vulnerability

2014-01-27 14:20:06
tools.cisco.com

CVSS2: 5.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.003 Low
Percentile: 68.5%

A vulnerability in the portal interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access the portal with the access capabilities of another user.

The vulnerability is due to insufficient session management in the portal. An attacker could exploit this vulnerability by hijacking the session of a previously authenticated user. An exploit could allow the attacker to perform actions in the portal with the privileges of another user.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit.

Affected configurations

Vulners node:
cisco secure_access_control_system (match: any)
OR
cisco secure_access_control_system (match: any)
