Lucene search

CiscoCVE-2014-8028

HistoryJan 09, 2015 - 2:59 a.m.

CVE-2014-8028

2015-01-0902:59:04

CWE-79

cisco

web.nvd.nist.gov

cisco

secure access control system

acs

xss

vulnerabilities

web framework

remote attackers

arbitrary script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

Affected configurations

Nvd

Node

ciscosecure_access_control_systemMatch-

VendorProductVersionCPE
ciscosecure_access_control_system-cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_system	-	cpe:2.3:a:cisco:secure_access_control_system:-:::::::*

References

secunia.com/advisories/62159

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8028

www.securityfocus.com/bid/71946

www.securitytracker.com/id/1031515

exchange.xforce.ibmcloud.com/vulnerabilities/100553

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.5%

JSON

Related for CVE-2014-8028