Lucene search

[email protected]CVE-2014-0650

HistoryJan 16, 2014 - 7:55 p.m.

CVE-2014-0650

2014-01-1619:55:04

CWE-20

[email protected]

web.nvd.nist.gov

cisco

secure access control system

acs

cve-2014-0650

nvd

vulnerability

web interface

remote execution

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.5%

JSON

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

Affected configurations

NVD

Node

ciscosecure_access_control_systemRange≤5.4.0.46.2

ciscosecure_access_control_systemMatch5.1

ciscosecure_access_control_systemMatch5.1.0.44

ciscosecure_access_control_systemMatch5.1.0.44.1

ciscosecure_access_control_systemMatch5.1.0.44.2

ciscosecure_access_control_systemMatch5.1.0.44.3

ciscosecure_access_control_systemMatch5.1.0.44.4

ciscosecure_access_control_systemMatch5.1.0.44.5

ciscosecure_access_control_systemMatch5.2

ciscosecure_access_control_systemMatch5.2.0.26

ciscosecure_access_control_systemMatch5.2.0.26.1

ciscosecure_access_control_systemMatch5.2.0.26.2

ciscosecure_access_control_systemMatch5.3.0.40.1

ciscosecure_access_control_systemMatch5.3.0.40.2

ciscosecure_access_control_systemMatch5.3.0.40.3

ciscosecure_access_control_systemMatch5.3.0.40.4

ciscosecure_access_control_systemMatch5.3.0.40.5

ciscosecure_access_control_systemMatch5.3.0.40.6

ciscosecure_access_control_systemMatch5.3.0.40.7

ciscosecure_access_control_systemMatch5.3.0.40.8

ciscosecure_access_control_systemMatch5.3.0.40.9

ciscosecure_access_control_systemMatch5.4.0.46.1

CPENameOperatorVersion
cisco:secure_access_control_systemcisco secure access control systemle5.4.0.46.2
cisco:secure_access_control_systemcisco secure access control systemeq5.1
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.1
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.2
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.3
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.4
cisco:secure_access_control_systemcisco secure access control systemeq5.1.0.44.5
cisco:secure_access_control_systemcisco secure access control systemeq5.2
cisco:secure_access_control_systemcisco secure access control systemeq5.2.0.26

CPE	Name	Operator	Version
cisco:secure_access_control_system	cisco secure access control system	le	5.4.0.46.2
cisco:secure_access_control_system	cisco secure access control system	eq	5.1
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.1
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.2
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.3
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.4
cisco:secure_access_control_system	cisco secure access control system	eq	5.1.0.44.5
cisco:secure_access_control_system	cisco secure access control system	eq	5.2
cisco:secure_access_control_system	cisco secure access control system	eq	5.2.0.26