Lucene search

[email protected]CVE-2014-8028

HistoryJan 09, 2015 - 2:59 a.m.

CVE-2014-8028

2015-01-0902:59:04

CWE-79

[email protected]

web.nvd.nist.gov

cisco

secure access control system

acs

xss

vulnerabilities

web framework

remote attackers

arbitrary script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

Affected configurations

NVD

Node

ciscosecure_access_control_systemMatch-

CPENameOperatorVersion
cisco:secure_access_control_systemcisco secure access control systemeq-

CPE	Name	Operator	Version
cisco:secure_access_control_system	cisco secure access control system	eq	-

References

secunia.com/advisories/62159

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8028

www.securityfocus.com/bid/71946

www.securitytracker.com/id/1031515

exchange.xforce.ibmcloud.com/vulnerabilities/100553

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

Related for CVE-2014-8028

cvelist1 nvd1 prion1 cisco1