EUVD-2006-3223
Malware in sbrugna...
CVE-2013-5536
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521...
Qualys Cloud Platform (VM, PC) 8.19.1 New Features
This new release of the Qualys Cloud Platform (VM, PC), version 8.19.1, includes newly added technology support for HP Safeguard and Cisco ACS 5, collected via Qualys Out-of-Band Configuration Assessment. Feature Highlights: Qualys Policy Compliance (PC) New Technology Support - Qualys now supports th...
Deserialization of untrusted data
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...
CVE-2018-0147
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by...
CVE-2017-6769
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known...
How to Configure NetScaler MAS for readonly access via TACACS using Cisco ACS
Configure NetScaler MAS and Cisco ACS to provide readonly access to users for MAS...
XXE
An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases:...
CVE-2017-3841
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5)...
Design/Logic Flaw
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page...
CVE-2015-6349
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Improper access control
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022...
A vulnerability in the firmware of Cisco ACS allows a remote attacker to execute arbitrary code.
A heap-based buffer overflow in the __nss_hostname_digits_dots function in the glibc library allows a remote attacker to execute arbitrary code by using the gethostbyname and gethostbyname2 functions...
Design/Logic Flaw
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka...
CVE-2015-0580
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027...
Design/Logic Flaw
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034...
CVE-2014-8029
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150...
CVE-2014-0649
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180...
CVE-2014-0663
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431...