20 matches found
CVE-2013-1125
Summary: CVE-2013-1125 affects Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, an...
CVE-2013-1196
The CVE-2013-1196 entry involves multiple Cisco products (ACS, Identity Services Engine, ANM, LMS, Prime NSM/DCNM, Quad, etc.) where the command-line interface does not properly validate input, allowing local users to obtain root privileges via unspecified vectors. Connected documents corroborate...
CVE-2013-1200
Cisco Secure Access Control System (ACS) is affected by a session fixation vulnerability tied to the lack of session identifier regeneration. An unauthenticated, remote attacker could hijack another user’s web session by capturing or reusing an existing session ID. The issue is documented as CVE-...
CVE-2014-0668
Cisco Secure ACS Portal suffers a cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter in the ACS portal. This could allow a remote attacker to inject arbitrary script or HTML when a user visits a malicious link. Cisco’s advisory Cisco-SA-20140121-CVE-2014-...
CVE-2013-6695
The CVE concerns Cisco Secure Accessibility Control System (ACS) where the RBAC implementation fails to verify privileges during support‑bundle downloads. This allows an authenticated remote attacker to obtain sensitive information by downloading the bundle, including read access to the user data...
CVE-2014-2130
CVE-2014-2130 is a Cisco ACS (Secure Access Control Server) vulnerability caused by an unintentional default Tomcat administration web interface. An authenticated, remote attacker could access the Tomcat admin interface, modify ACS application and web interface configuration files, and thereby ex...
CVE-2014-8027
CVE-2014-8027 affects Cisco Secure Access Control System (ACS) RBAC, where improper privilege validation allows an authenticated, remote attacker to perform Create/Read/Update/Delete on Network Identity Groups via crafted HTTP requests, escalating to Network Device Administrator privileges. The i...
CVE-2014-0667
Cisco Secure Access Control System (ACS) is affected by CVE-2014-0667 due to insufficient authorization enforcement in the Remote Method Invocation (RMI) interface. A remote, authenticated attacker can read arbitrary files on the ACS server by issuing a crafted request to the RMI interface. The i...
CVE-2013-3428
CVE-2013-3428 affects Cisco Secure Access Control System (ACS). The web interface does not properly suppress error-condition details due to insufficient filtering of error output, allowing remote authenticated users to obtain sensitive information via an error-triggering request (Bug ID CSCue6595...
CVE-2013-3422
CVE-2013-3422 describes a Cross-Site Scripting (XSS) vulnerability in the Administration pages of Cisco Secure Access Control System (ACS). The root cause is insufficient input validation of a parameter, allowing unauthenticated, remote attackers to craft links that execute arbitrary web script o...
CVE-2013-5470
Cisco Secure ACS is affected by CVE-2013-5470 due to a flaw in the TACACS+ socket read function that allows an unauthenticated, remote attacker to crash the runtime process and cause a denial of service. The issue stems from improper processing of read requests on the TACACS+ socket, and can be t...
CVE-2013-3423
CVE-2013-3423 describes a cross-site scripting (XSS) vulnerability in the web interface of Cisco Secure Access Control System (ACS). The issue allows remote attackers to inject arbitrary web script or HTML via an unspecified field due to insufficient input validation. Documentation confirms the a...
CVE-2013-6974
CVE-2013-6974 affects Cisco Secure Access Control System (ACS) web interface. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted link. Cisc...
CVE-2014-8028
Cisco Secure ACS (Access Control Server) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web framework. The issue stems from insufficient input validation of several parameters passed to the web server, allowing remote attackers to craft links that persuade users to exec...
CVE-2013-5536
Cisco Secure Access Control System (ACS) is affected by a DoS vulnerability in its firewall modules due to improper implementation of the incoming-packet filter. An unauthenticated, remote attacker could crash internal processes by flooding the service with crafted packets (Bug ID CSCui51521). Mu...
CVE-2014-0663
Cisco Secure Access Control System (ACS) web framework contains a Cross‑Site Scripting (XSS) flaw due to insufficient input validation of an unspecified parameter. An unauthenticated, remote attacker can lure a user to a malicious link to execute arbitrary web script or HTML in the web interface....
CVE-2014-8029
CVE-2014-8029 affects Cisco Secure Access Control Server (ACS) web interface. It is a open redirect vulnerability due to insufficient input validation of a specific parameter, enabling an unauthenticated, remote attacker to lure users to arbitrary sites and conduct phishing via a crafted link. Ci...
CVE-2013-3424
Cisco ACS is affected by CVE-2013-3424: a CSRF vulnerability in the Administration and View pages could allow an unauthenticated/remote attacker to hijack the authentication of a user (Bug CSCud75177). Impact per sources includes potential actions taken in the context of an authenticated session ...
CVE-2013-3421
CVE-2013-3421 (Cisco ACS) describes a Cross-Site Scripting (XSS) vulnerability on the Help index page of Cisco Secure Access Control System (ACS). The issue arises from insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary script or HTML wh...
CVE-2014-0678
CVE-2014-0678 affects Cisco Secure Access Control System (ACS) Portal Interface. The vulnerability stems from insufficient session management in the portal, allowing an authenticated remote attacker to hijack a user’s session and perform actions with the other user’s privileges. Cisco acknowledge...