Lucene search

[email protected]CVE-2014-0678

HistoryJan 25, 2014 - 10:55 p.m.

CVE-2014-0678

2014-01-2522:55:03

CWE-264

[email protected]

web.nvd.nist.gov

cisco

acs

session hijacking

vulnerability

cve-2014-0678

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

Affected configurations

NVD

Node

ciscosecure_access_control_systemMatch-

CPENameOperatorVersion
cisco:secure_access_control_systemcisco secure access control systemeq-

CPE	Name	Operator	Version
cisco:secure_access_control_system	cisco secure access control system	eq	-

References

osvdb.org/102558

secunia.com/advisories/56540

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678

tools.cisco.com/security/center/viewAlert.x?alertId=32567

www.securityfocus.com/bid/65144

www.securitytracker.com/id/1029688

exchange.xforce.ibmcloud.com/vulnerabilities/90732

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2014-0678

cvelist1 cisco1 nessus1 prion1 nvd1