Secure Access Control System@- Security Vulnerabilities and Issues — Secure Access Control System@- CVE List

Lucene search

CiscoSecure Access Control System-

11 matches found

CVE•added 2013/04/29 9:55 p.m.•50 views

CVE-2013-1196

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Ser...

6.8CVSS6.3AI score0.00084EPSS

CVE•added 2013/12/02 10:55 p.m.•47 views

CVE-2013-6695

The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug...

4CVSS5.7AI score0.00176EPSS

CVE•added 2013/02/19 11:55 p.m.•44 views

CVE-2013-1125

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and N...

6.8CVSS6.3AI score0.00084EPSS

CVE•added 2013/07/12 9:55 p.m.•41 views

CVE-2013-3422

Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2013/05/16 3:36 a.m.•39 views

CVE-2013-1200

Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787.

6.8CVSS6.8AI score0.00365EPSS

CVE•added 2013/07/15 3:55 p.m.•39 views

CVE-2013-3428

The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957.

4CVSS5.9AI score0.00162EPSS

CVE•added 2013/07/12 9:55 p.m.•38 views

CVE-2013-3423

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.

4.3CVSS5.8AI score0.00263EPSS

CVE•added 2013/09/04 3:24 a.m.•38 views

CVE-2013-5470

Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488.

5CVSS6.8AI score0.00687EPSS

CVE•added 2013/10/24 10:53 a.m.•36 views

CVE-2013-5536

Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521.

5CVSS6.8AI score0.00438EPSS

CVE•added 2013/07/12 9:55 p.m.•35 views

CVE-2013-3424

Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177.

6.8CVSS7.3AI score0.00116EPSS

CVE•added 2013/07/12 9:55 p.m.•34 views

CVE-2013-3421

Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.

4.3CVSS5.8AI score0.00263EPSS