CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS

Percentile: 53.9%

A vulnerability in Cisco Secure Access Control Server (ACS) may allow an authenticated, remote attacker to render the ACS web interface unreachable and to execute arbitrary code on the server with the privileges of the web server.
The vulnerability is due to a default Tomcat administration web interface, which was included unintentionally. An attacker who has an ACS administrative account could exploit this vulnerability by accessing the Tomcat administration interface and modifying the ACS application files and web interface configuration.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must authenticate to the targeted system. This access requirement decreases the likelihood of a successful exploit.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | any | cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:* |