Lucene search

CiscoCVE-2015-6348

HistoryOct 30, 2015 - 10:59 a.m.

CVE-2015-6348

2015-10-3010:59:06

CWE-264

cisco

web.nvd.nist.gov

cisco

secure access control server

acs

solution engine

cve-2015-6348

nvd

remote authentication

rbac restrictions

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

Affected configurations

Nvd

Node

ciscosecure_access_control_serverMatch5.7.0.15

VendorProductVersionCPE
ciscosecure_access_control_server5.7.0.15cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_server	5.7.0.15	cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1

www.securitytracker.com/id/1033970

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

38.8%

JSON

Related for CVE-2015-6348