Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20150211-CSACS
HistoryFeb 11, 2015 - 4:00 p.m.

Cisco Secure Access Control System SQL Injection Vulnerability

2015-02-1116:00:00
tools.cisco.com
11

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.4%

JSON

Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection
attack in the ACS View reporting interface pages. A
successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. A previous version of this advisory indicated that a product running version 5.5 patch 7 was not vulnerable; however, customers running version 5.5 patch 7 should upgrade to patch 8 to completely mitigate the vulnerability described in this advisory.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs”]

Affected configurations

Vulners
Node
ciscosecure_access_control_systemMatchany
OR
ciscosecure_access_control_systemMatchany

Related

prion 1
cve 1
nessus 1
cvelist 1
nvd 1
securityvulns 1
prion
prion
Sql injection
2015-02-12 01:59:00
cve
cve
CVE-2015-0580
2015-02-12 01:59:21
nessus
nessus
Cisco Secure Access Control System SQLi Vulnerability (cisco-sa-20150211-csacs)
2015-02-20 00:00:00
cvelist
cvelist
CVE-2015-0580
2015-02-12 01:00:00
nvd
nvd
CVE-2015-0580
2015-02-12 01:59:21
securityvulns
securityvulns
Cisco Secure Access Control System SQL injection
2015-02-16 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.4%

JSON
Related for CISCO-SA-20150211-CSACS
prion1cve1nessus1cvelist1nvd1securityvulns1