Design/Logic Flaw

2014-01-1619:55:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

CPENameOperatorVersion
secure_access_control_systemeq5.3.0.40.1
secure_access_control_systemeq5.3.0.40.7
secure_access_control_systemeq5.3.0.40.9
secure_access_control_systemeq5.3.0.40.2
secure_access_control_systemle5.4.0.46.2
secure_access_control_systemeq5.3.0.40.6
secure_access_control_systemeq5.3.0.40.5
secure_access_control_systemeq5.2
secure_access_control_systemeq5.2.0.26
secure_access_control_systemeq5.3.0.40.3

Name	Operator	Version
secure_access_control_system	eq	5.3.0.40.1
secure_access_control_system	eq	5.3.0.40.7
secure_access_control_system	eq	5.3.0.40.9
secure_access_control_system	eq	5.3.0.40.2
secure_access_control_system	le	5.4.0.46.2
secure_access_control_system	eq	5.3.0.40.6
secure_access_control_system	eq	5.3.0.40.5
secure_access_control_system	eq	5.2
secure_access_control_system	eq	5.2.0.26
secure_access_control_system	eq	5.3.0.40.3