Design/Logic Flaw

2015-10-3010:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.8%

JSON

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

CPENameOperatorVersion
secure_access_control_servereq5.7.0.15

CPE	Name	Operator	Version
	secure_access_control_server	eq	5.7.0.15

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1

www.securitytracker.com/id/1033970