Lucene search

[email protected]CVE-2014-0648

HistoryJan 16, 2014 - 7:55 p.m.

CVE-2014-0648

2014-01-1619:55:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0648

cisco

secure access control system

acs

remote code execution

authentication bypass

authorization

vulnerability

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.3%

JSON

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

Affected configurations

NVD

Node

ciscosecure_access_control_systemRange≤5.4.0.46.6

ciscosecure_access_control_systemMatch5.1

ciscosecure_access_control_systemMatch5.1.0.44

ciscosecure_access_control_systemMatch5.1.0.44.1

ciscosecure_access_control_systemMatch5.1.0.44.2

ciscosecure_access_control_systemMatch5.1.0.44.3

ciscosecure_access_control_systemMatch5.1.0.44.4

ciscosecure_access_control_systemMatch5.1.0.44.5

ciscosecure_access_control_systemMatch5.2

ciscosecure_access_control_systemMatch5.2.0.26

ciscosecure_access_control_systemMatch5.2.0.26.1

ciscosecure_access_control_systemMatch5.2.0.26.2

ciscosecure_access_control_systemMatch5.3.0.40.1

ciscosecure_access_control_systemMatch5.3.0.40.2

ciscosecure_access_control_systemMatch5.3.0.40.3

ciscosecure_access_control_systemMatch5.3.0.40.4

ciscosecure_access_control_systemMatch5.3.0.40.5

ciscosecure_access_control_systemMatch5.3.0.40.6

ciscosecure_access_control_systemMatch5.3.0.40.7

ciscosecure_access_control_systemMatch5.3.0.40.8

ciscosecure_access_control_systemMatch5.3.0.40.9

ciscosecure_access_control_systemMatch5.4.0.46.1

ciscosecure_access_control_systemMatch5.4.0.46.2

ciscosecure_access_control_systemMatch5.4.0.46.3

ciscosecure_access_control_systemMatch5.4.0.46.4

ciscosecure_access_control_systemMatch5.4.0.46.5

CPENameOperatorVersion
cisco:secure_access_control_systemcisco secure access control systemle5.4.0.46.6
cisco:secure_access_control_systemcisco secure access control systemeq5.1
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.1
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.2
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.3
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.4
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.5
cisco:secure_access_control_systemcisco secure access control systemeq5.2
cisco:secure_access_control_systemcisco secure access control systemeq5.2.0.26

CPE	Name	Operator	Version
cisco:secure_access_control_system	cisco secure access control system	le	5.4.0.46.6
cisco:secure_access_control_system	cisco secure access control system	eq	5.1
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.1
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.2
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.3
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.4
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.5
cisco:secure_access_control_system	cisco secure access control system	eq	5.2
cisco:secure_access_control_system	cisco secure access control system	eq	5.2.0.26