Lucene search

CiscoCVE-2014-0663

HistoryJan 10, 2014 - 4:47 p.m.

CVE-2014-0663

2014-01-1016:47:06

CWE-79

cisco

web.nvd.nist.gov

cisco

secure access control system

acs

xss

vulnerability

web framework

remote attackers

web script

html

bug id cscum03625

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.

Affected configurations

Nvd

Node

ciscosecure_access_control_systemMatch-

VendorProductVersionCPE
ciscosecure_access_control_system-cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_system	-	cpe:2.3:a:cisco:secure_access_control_system:-:::::::*

References

osvdb.org/101914

secunia.com/advisories/56382

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0663

tools.cisco.com/security/center/viewAlert.x?alertId=32403

www.securityfocus.com/bid/64773

www.securitytracker.com/id/1029595

exchange.xforce.ibmcloud.com/vulnerabilities/90232

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

58.9%

JSON

Related for CVE-2014-0663