Lucene search
+L

238 matches found

Cvelist
Cvelist
added 2013/06/12 1:0 a.m.21 views

CVE-2013-3380

The administrative web interface in the Access Control Server in Cisco Secure Access Control System ACS does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279...

5.7AI score0.01332EPSS
Exploits0References1
Cisco
Cisco
added 2013/05/16 3:28 p.m.45 views

Cisco Secure Access Control System Session Fixation Web Vulnerability

A vulnerability in the web interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to acquire the session identifier of another user's session. The vulnerability is due to the lack of session identifier regeneration. An attacker could exploit this...

6.8CVSS2.1AI score0.01209EPSS
Exploits0References1
NVD
NVD
added 2013/05/16 3:36 a.m.20 views

CVE-2013-1200

Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...

6.8CVSS6.7AI score0.01209EPSS
Exploits0References1
Prion
Prion
added 2013/05/16 3:36 a.m.14 views

Session fixation

Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...

6.8CVSS7.2AI score0.01209EPSS
Exploits0References1
CVE
CVE
added 2013/05/16 1:0 a.m.59 views

CVE-2013-1200

Cisco Secure Access Control System (ACS) is affected by a session fixation vulnerability tied to the lack of session identifier regeneration. An unauthenticated, remote attacker could hijack another user’s web session by capturing or reusing an existing session ID. The issue is documented as CVE-...

6.8CVSS6.8AI score0.01209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/05/16 1:0 a.m.20 views

CVE-2013-1200

Session fixation vulnerability in Cisco Secure Access Control System ACS allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787...

6.7AI score0.01209EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/04/29 9:0 p.m.31 views

CVE-2013-1196

The command-line interface in Cisco Secure Access Control System ACS, Identity Services Engine Software, Context Directory Agent, Application Networking Manager ANM, Prime Network Control System, Prime LAN Management Solution LMS, Prime Collaboration, Unified Provisioning Manager, Network Service...

6.1AI score0.003EPSS
Exploits0References1
securityvulns
securityvulns
added 2012/11/09 12:0 a.m.27 views

Cisco Secure Access Control System authentication bypass

Insufficient password check if TACACS+ authentication is used with LDAP...

5CVSS3.1AI score0.02452EPSS
Exploits0Affected Software1
CVE
CVE
added 2012/11/07 11:0 p.m.57 views

CVE-2012-5424

CVE-2012-5424 affects Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7. When configured with LDAP as external identity store and TACACS+ for authentication, the system fails to properly validate the user-supplied password, enabling an unauthenticated...

5CVSS7.2AI score0.02452EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2012/11/07 11:0 p.m.23 views

CVE-2012-5424

Cisco Secure Access Control System ACS 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted passwo...

6.9AI score0.02452EPSS
Exploits0References6
exploitpack
exploitpack
added 2012/11/01 12:0 a.m.44 views

SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference

SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference IOActive Security Advisory Title: SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference Severity: Critical Discovered by: Lucas Apa Date Reported: 09/11/12 CVE: TBD Siemens Advisory: SSA-938777...

0.4AI score
Exploits0
NVD
NVD
added 2011/04/04 12:27 p.m.30 views

CVE-2011-0951

The web-based management interface in Cisco Secure Access Control System ACS 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440...

5CVSS6.8AI score0.1464EPSS
Exploits2References6
Prion
Prion
added 2011/04/04 12:27 p.m.18 views

Design/Logic Flaw

The web-based management interface in Cisco Secure Access Control System ACS 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440...

5CVSS7.3AI score0.1464EPSS
Exploits2References6Affected Software1
CVE
CVE
added 2011/04/01 9:0 p.m.66 views

CVE-2011-0951

CVE-2011-0951 affects Cisco Secure Access Control System (ACS) 5.1 (with patches 3/4/5) and 5.2 (no patches or patches 1–2). The web-based management interface contains an authentication/authorization flaw that lets a remote, unauthenticated attacker change arbitrary user passwords via unspecifie...

5CVSS6.9AI score0.1464EPSS
Exploits2References6Affected Software1
securityvulns
securityvulns
added 2011/03/31 12:0 a.m.51 views

Cisco Secure Access Control System privilege escalation

It's possible to reset any user's password...

5CVSS3.5AI score0.1464EPSS
Exploits2References1
Cisco
Cisco
added 2011/03/30 4:24 p.m.29 views

Cisco Secure Access Control System Password Modification Vulnerability

Cisco Secure Access Control System ACS contains a vulnerability that could allow an unauthenticated, remote attacker to modify user passwords. The vulnerability is due to improper security restrictions on user password change functions in the web-based management interface of the Cisco Secure ACS...

5CVSS6.6AI score0.1464EPSS
Exploits2References1
Prion
Prion
added 2010/01/05 6:13 p.m.19 views

Cross site request forgery (csrf)

Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service configuration reset via a request to a crafted URI...

5CVSS7AI score0.01779EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2010/01/05 6:0 p.m.29 views

CVE-2009-3734

Unspecified vulnerability in the management console in the S2 Security Linear eMerge Access Control System 2.5.x allows remote attackers to cause a denial of service configuration reset via a request to a crafted URI...

6.5AI score0.01779EPSS
Exploits0References5
Rows per page
Query Builder