Lucene search
K
CiscoSecure Access Control System-

20 matches found

CVE
CVE
added 2013/02/19 11:0 p.m.65 views

CVE-2013-1125

Summary: CVE-2013-1125 affects Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, an...

6.8CVSS6.3AI score0.003EPSS
CVE
CVE
added 2013/04/29 9:0 p.m.63 views

CVE-2013-1196

The CVE-2013-1196 entry involves multiple Cisco products (ACS, Identity Services Engine, ANM, LMS, Prime NSM/DCNM, Quad, etc.) where the command-line interface does not properly validate input, allowing local users to obtain root privileges via unspecified vectors. Connected documents corroborate...

6.8CVSS6.3AI score0.003EPSS
CVE
CVE
added 2013/05/16 1:0 a.m.59 views

CVE-2013-1200

Cisco Secure Access Control System (ACS) is affected by a session fixation vulnerability tied to the lack of session identifier regeneration. An unauthenticated, remote attacker could hijack another user’s web session by capturing or reusing an existing session ID. The issue is documented as CVE-...

6.8CVSS6.8AI score0.01209EPSS
CVE
CVE
added 2014/01/20 2:0 a.m.59 views

CVE-2014-0668

Cisco Secure ACS Portal suffers a cross-site scripting (XSS) vulnerability due to insufficient input validation of a parameter in the ACS portal. This could allow a remote attacker to inject arbitrary script or HTML when a user visits a malicious link. Cisco’s advisory Cisco-SA-20140121-CVE-2014-...

4.3CVSS5.8AI score0.01488EPSS
CVE
CVE
added 2013/12/02 10:0 p.m.58 views

CVE-2013-6695

The CVE concerns Cisco Secure Accessibility Control System (ACS) where the RBAC implementation fails to verify privileges during support‑bundle downloads. This allows an authenticated remote attacker to obtain sensitive information by downloading the bundle, including read access to the user data...

4CVSS5.7AI score0.00947EPSS
CVE
CVE
added 2015/03/06 2:0 a.m.55 views

CVE-2014-2130

CVE-2014-2130 is a Cisco ACS (Secure Access Control Server) vulnerability caused by an unintentional default Tomcat administration web interface. An authenticated, remote attacker could access the Tomcat admin interface, modify ACS application and web interface configuration files, and thereby ex...

6.5CVSS7.1AI score0.04031EPSS
CVE
CVE
added 2015/01/09 2:0 a.m.54 views

CVE-2014-8027

CVE-2014-8027 affects Cisco Secure Access Control System (ACS) RBAC, where improper privilege validation allows an authenticated, remote attacker to perform Create/Read/Update/Delete on Network Identity Groups via crafted HTTP requests, escalating to Network Device Administrator privileges. The i...

6.5CVSS6.4AI score0.01633EPSS
CVE
CVE
added 2014/01/16 7:0 p.m.53 views

CVE-2014-0667

Cisco Secure Access Control System (ACS) is affected by CVE-2014-0667 due to insufficient authorization enforcement in the Remote Method Invocation (RMI) interface. A remote, authenticated attacker can read arbitrary files on the ACS server by issuing a crafted request to the RMI interface. The i...

6.3CVSS6.3AI score0.01405EPSS
CVE
CVE
added 2013/07/15 3:0 p.m.52 views

CVE-2013-3428

CVE-2013-3428 affects Cisco Secure Access Control System (ACS). The web interface does not properly suppress error-condition details due to insufficient filtering of error output, allowing remote authenticated users to obtain sensitive information via an error-triggering request (Bug ID CSCue6595...

4CVSS5.9AI score0.00947EPSS
CVE
CVE
added 2013/07/12 9:0 p.m.51 views

CVE-2013-3422

CVE-2013-3422 describes a Cross-Site Scripting (XSS) vulnerability in the Administration pages of Cisco Secure Access Control System (ACS). The root cause is insufficient input validation of a parameter, allowing unauthenticated, remote attackers to craft links that execute arbitrary web script o...

4.3CVSS5.8AI score0.00931EPSS
CVE
CVE
added 2013/09/04 1:0 a.m.50 views

CVE-2013-5470

Cisco Secure ACS is affected by CVE-2013-5470 due to a flaw in the TACACS+ socket read function that allows an unauthenticated, remote attacker to crash the runtime process and cause a denial of service. The issue stems from improper processing of read requests on the TACACS+ socket, and can be t...

5CVSS6.8AI score0.0186EPSS
CVE
CVE
added 2013/07/12 9:0 p.m.48 views

CVE-2013-3423

CVE-2013-3423 describes a cross-site scripting (XSS) vulnerability in the web interface of Cisco Secure Access Control System (ACS). The issue allows remote attackers to inject arbitrary web script or HTML via an unspecified field due to insufficient input validation. Documentation confirms the a...

4.3CVSS5.8AI score0.00931EPSS
CVE
CVE
added 2014/01/10 11:0 a.m.48 views

CVE-2013-6974

CVE-2013-6974 affects Cisco Secure Access Control System (ACS) web interface. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted link. Cisc...

4.3CVSS5.8AI score0.01445EPSS
CVE
CVE
added 2015/01/09 2:0 a.m.48 views

CVE-2014-8028

Cisco Secure ACS (Access Control Server) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web framework. The issue stems from insufficient input validation of several parameters passed to the web server, allowing remote attackers to craft links that persuade users to exec...

4.3CVSS5.8AI score0.01161EPSS
CVE
CVE
added 2013/10/24 10:0 a.m.47 views

CVE-2013-5536

Cisco Secure Access Control System (ACS) is affected by a DoS vulnerability in its firewall modules due to improper implementation of the incoming-packet filter. An unauthenticated, remote attacker could crash internal processes by flooding the service with crafted packets (Bug ID CSCui51521). Mu...

5CVSS6.8AI score0.01497EPSS
CVE
CVE
added 2014/01/10 4:0 p.m.47 views

CVE-2014-0663

Cisco Secure Access Control System (ACS) web framework contains a Cross‑Site Scripting (XSS) flaw due to insufficient input validation of an unspecified parameter. An unauthenticated, remote attacker can lure a user to a malicious link to execute arbitrary web script or HTML in the web interface....

4.3CVSS5.8AI score0.01488EPSS
CVE
CVE
added 2015/01/09 2:0 a.m.47 views

CVE-2014-8029

CVE-2014-8029 affects Cisco Secure Access Control Server (ACS) web interface. It is a open redirect vulnerability due to insufficient input validation of a specific parameter, enabling an unauthenticated, remote attacker to lure users to arbitrary sites and conduct phishing via a crafted link. Ci...

5.8CVSS6.9AI score0.0118EPSS
CVE
CVE
added 2013/07/12 9:0 p.m.46 views

CVE-2013-3424

Cisco ACS is affected by CVE-2013-3424: a CSRF vulnerability in the Administration and View pages could allow an unauthenticated/remote attacker to hijack the authentication of a user (Bug CSCud75177). Impact per sources includes potential actions taken in the context of an authenticated session ...

6.8CVSS7.3AI score0.01189EPSS
CVE
CVE
added 2013/07/12 9:0 p.m.45 views

CVE-2013-3421

CVE-2013-3421 (Cisco ACS) describes a Cross-Site Scripting (XSS) vulnerability on the Help index page of Cisco Secure Access Control System (ACS). The issue arises from insufficient input validation of a parameter, enabling an unauthenticated, remote attacker to inject arbitrary script or HTML wh...

4.3CVSS5.8AI score0.00931EPSS
CVE
CVE
added 2014/01/25 10:0 p.m.44 views

CVE-2014-0678

CVE-2014-0678 affects Cisco Secure Access Control System (ACS) Portal Interface. The vulnerability stems from insufficient session management in the portal, allowing an authenticated remote attacker to hijack a user’s session and perform actions with the other user’s privileges. Cisco acknowledge...

5.5CVSS6.6AI score0.01426EPSS