CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
61.4%
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection
attack in the ACS View reporting interface pages. A
successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access information in the underlying file system. A previous version of this advisory indicated that a product running version 5.5 patch 7 was not vulnerable; however, customers running version 5.5 patch 7 should upgrade to patch 8 to completely mitigate the vulnerability described in this advisory.
Cisco has released software updates that address this vulnerability.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | any | cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:* |