1570 matches found
CVE-2014-0668
Cisco Secure ACS Portal suffers a cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter in the ACS portal. This could allow a remote attacker to inject arbitrary script or HTML when a user visits a malicious link. Cisco’s advisory Cisco-SA-20140121-CVE-2014-...
CVE-2014-0650
The web interface in Cisco Secure Access Control System ACS 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962...
Design/Logic Flaw
The web interface in Cisco Secure Access Control System ACS 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962...
Authorization
The RMI interface in Cisco Secure Access Control System ACS 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187...
Cisco Secure ACS RMI Arbitrary File Read Vulnerability
A vulnerability in the Remote Method Invocation RMI interface of the Cisco Secure Access Control System ACS could allow an authenticated, remote attacker to read arbitrary files on the Cisco Secure ACS server. The vulnerability is due to insufficient authorization enforcement. An attacker could...
CVE-2014-0667
Cisco Secure Access Control System (ACS) is affected by CVE-2014-0667 due to insufficient authorization enforcement in the Remote Method Invocation (RMI) interface. A remote, authenticated attacker can read arbitrary files on the ACS server by issuing a crafted request to the RMI interface. The i...
CVE-2014-0650
CVE-2014-0650 affects Cisco Secure Access Control System (ACS) 5.x up to, but not including, 5.4 Patch 3. The issue is in the web interface input validation that could allow a remote attacker to inject operating-system commands via a request to the web interface. The vulnerability is part of a se...
CVE-2014-0649
The CVE-2014-0649 issue affects Cisco Secure Access Control System (ACS) 5.x before 5.5, where the RMI interface does not properly enforce authorization, enabling a remote authenticated user to gain superadmin access via the RMI interface (Bug ID CSCud75180). Connected Cisco advisories confirm an...
CVE-2014-0648
Cisco Secure ACS is affected by CVE-2014-0648 via the RMI interface, where improper authentication/authorization could let remote attackers obtain administrative access through RMI endpoints (ports 2020/2030). The related Cisco advisory (cisco-sa-20140115-csacs) also documents additional RMI-rela...
CVE-2014-0667
The RMI interface in Cisco Secure Access Control System ACS does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169...
CVE-2014-0648
The RMI interface in Cisco Secure Access Control System ACS 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187...
Multiple Vulnerabilities in Cisco Secure Access Control System (cisco-sa-20140115-csacs)
The version of Cisco Secure Access Control System ACS running on the remote host is affected by one or more of the following issues: - A flaw in the authorization enforcement of the RMI interface could allow a remote, authenticated attacker to perform actions as superadmin. (CVE-2014-0649) - A fla...
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System ACS is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the...
Cisco Releases Security Advisory for Cisco Secure Access Control System
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System ACS. These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS...
Cross site scripting
Cross-site scripting XSS vulnerability in the web framework in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625...
CVE-2014-0663
Cisco Secure Access Control System (ACS) web framework contains a Cross‑Site Scripting (XSS) flaw due to insufficient input validation of an unspecified parameter. An unauthenticated, remote attacker can lure a user to a malicious link to execute arbitrary web script or HTML in the web interface....
CVE-2014-0663
Cross-site scripting XSS vulnerability in the web framework in Cisco Secure Access Control System ACS allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625...
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a parameter. An attacke...
CVE-2013-6974
CVE-2013-6974 affects Cisco Secure Access Control System (ACS) web interface. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted link. Cisc...
Stuxnet Malware Mitigation (Update B)
Overview: In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled “ICSA-10-201 USB Malware Targeting Siemens Control Software.” Since then, ICS-CERT has continued analysis of the Stuxnet malware in an effort to determine more about its capabilities an...