Lucene search

[email protected]CVE-2014-0667

HistoryJan 16, 2014 - 7:55 p.m.

CVE-2014-0667

2014-01-1619:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cisco

secure access control system

acs

rmi interface

authorization requirements

remote authenticated users

arbitrary files

cve-2014-0667

bug id cscud75169

nvd

6.3 Medium

AI Score

Confidence

Low

6.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.

CPENameOperatorVersion
cisco:secure_access_control_systemcisco secure access control systemeq-

CPE	Name	Operator	Version
cisco:secure_access_control_system	cisco secure access control system	eq	-

References

osvdb.org/102168

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667

tools.cisco.com/security/center/viewAlert.x?alertId=32468

www.securityfocus.com/bid/64983

www.securitytracker.com/id/1029641

exchange.xforce.ibmcloud.com/vulnerabilities/90497

6.3 Medium

AI Score

Confidence

Low

6.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

64.6%

JSON

Related for CVE-2014-0667

nessus1 prion1 cvelist1 cisco1