Cisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attack...
Cisco Secure Access Control Server Detection (HTTP)
Detection of running version of Cisco Secure Access Control Server. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities...
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities...
CVE-2018-0207
CVE-2018-0207 affects the Cisco Secure Access Control Server web-based UI (pre-5.8 patch 9). It’s an XXE handling flaw in XML parsing that could let an unauthenticated, remote attacker gain read access to certain information by enticing an administrator to import a crafted XML file. Concrete affe...
CVE-2018-0218
CVE-2018-0218 affects Cisco Secure Access Control Server (ACS) web UI prior to 5.8 patch 9. The issue arises from improper handling of XML External Entities (XXEs) when parsing XML files, enabling an unauthenticated, remote attacker to read information from the system. Connected sources identify ...
Cisco ACS Solution Engine Cross-Site Scripting Vulnerability
Cisco Secure Access Control Server (ACS) is a security access control server from Cisco, Inc. Solution Engine is one of the server engine solutions. In Cisco Secure Access Control Server (ACS) version 5.7(0.15), an XSS vulnerability exists in the web interface of Solution Engine. A remote attacker could...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2015-6346
CVE-2015-6346 is a cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) web interface, specifically in ACS 5.7(0.15). The root cause, per Cisco’s advisory, is a lack of input validation in DOM handling, enabling a DOM-based XSS when a crafted URL is processed. The ...
CVE-2015-6348
The CVE-2015-6348 issue affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the report-generation web interface contains RBAC validation weaknesses. An authenticated remote user could access restricted report/status pages via the report-generation web interface, potentially exposing ...
CVE-2015-6349
CVE-2015-6349 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) Solution Engine, where the web interface is vulnerable to reflected cross-site scripting due to lack of input validation on user-supplied input. An unauthenticated, remote attacker could exploit a crafted URL to inject arbi...
CVE-2015-6347
CVE-2015-6347 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the Solution Engine allows remote authenticated users to bypass RBAC and create a dashboard or portlet by visiting an unrestricted web page. The root cause is flawed RBAC validation when creating administrative dashboa...
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied...
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerability is due to improper...
Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due t...
CVE-2015-6300
CVE-2015-6300 affects Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15). A vulnerability in the SSH feature allows remote authenticated users to cause a denial of service by issuing crafted commands via CLI or GUI, triggering an SSH screen process crash (Bug ID CSCuw24694). The C...
Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability
A vulnerability in the Secure Shell (SSH) feature of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to cause a partial denial of service (DoS) condition due to the SSH screen process unexpectedly terminating. The vulnerability is due to improper input...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...
CVE-2015-0700
Cisco Secure Access Control Server Solution Engine Dashboard page in the monitoring-and-report section is affected by a CSRF vulnerability (CVE-2015-0700) prior to 5.5(0.46.5). An unauthenticated remote attacker can lure a user to a malicious link to perform actions in the context of that user. R...
CISCO vulnerability allows remote attacker to take control of Windows system
Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network...