Lucene search

CiscoCVE-2014-0648

HistoryJan 16, 2014 - 7:55 p.m.

CVE-2014-0648

2014-01-1619:55:04

CWE-264

cisco

web.nvd.nist.gov

cve-2014-0648

cisco

secure access control system

acs

remote code execution

authentication bypass

authorization

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

Affected configurations

Nvd

Node

ciscosecure_access_control_systemRange≤5.4.0.46.6

ciscosecure_access_control_systemMatch5.1

ciscosecure_access_control_systemMatch5.1.0.44

ciscosecure_access_control_systemMatch5.1.0.44.1

ciscosecure_access_control_systemMatch5.1.0.44.2

ciscosecure_access_control_systemMatch5.1.0.44.3

ciscosecure_access_control_systemMatch5.1.0.44.4

ciscosecure_access_control_systemMatch5.1.0.44.5

ciscosecure_access_control_systemMatch5.2

ciscosecure_access_control_systemMatch5.2.0.26

ciscosecure_access_control_systemMatch5.2.0.26.1

ciscosecure_access_control_systemMatch5.2.0.26.2

ciscosecure_access_control_systemMatch5.3.0.40.1

ciscosecure_access_control_systemMatch5.3.0.40.2

ciscosecure_access_control_systemMatch5.3.0.40.3

ciscosecure_access_control_systemMatch5.3.0.40.4

ciscosecure_access_control_systemMatch5.3.0.40.5

ciscosecure_access_control_systemMatch5.3.0.40.6

ciscosecure_access_control_systemMatch5.3.0.40.7

ciscosecure_access_control_systemMatch5.3.0.40.8

ciscosecure_access_control_systemMatch5.3.0.40.9

ciscosecure_access_control_systemMatch5.4.0.46.1

ciscosecure_access_control_systemMatch5.4.0.46.2

ciscosecure_access_control_systemMatch5.4.0.46.3

ciscosecure_access_control_systemMatch5.4.0.46.4

ciscosecure_access_control_systemMatch5.4.0.46.5

VendorProductVersionCPE
ciscosecure_access_control_system*cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44.1cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44.2cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44.3cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44.4cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*
ciscosecure_access_control_system5.1.0.44.5cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*
ciscosecure_access_control_system5.2cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*
ciscosecure_access_control_system5.2.0.26cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_system	*	cpe:2.3:a:cisco:secure_access_control_system::::::::
cisco	secure_access_control_system	5.1	cpe:2.3:a:cisco:secure_access_control_system:5.1:::::::*
cisco	secure_access_control_system	5.1.0.44	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:::::::*
cisco	secure_access_control_system	5.1.0.44.1	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:::::::*
cisco	secure_access_control_system	5.1.0.44.2	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:::::::*
cisco	secure_access_control_system	5.1.0.44.3	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:::::::*
cisco	secure_access_control_system	5.1.0.44.4	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:::::::*
cisco	secure_access_control_system	5.1.0.44.5	cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:::::::*
cisco	secure_access_control_system	5.2	cpe:2.3:a:cisco:secure_access_control_system:5.2:::::::*
cisco	secure_access_control_system	5.2.0.26	cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:::::::*

Rows per page:

1-10 of 261

References

osvdb.org/102117

secunia.com/advisories/56213

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

tools.cisco.com/security/center/viewAlert.x?alertId=32379

www.securityfocus.com/bid/64962

www.securitytracker.com/id/1029634

exchange.xforce.ibmcloud.com/vulnerabilities/90431

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2014-0648