History: May 02, 2018 - 10:29 p.m.

CVE-2018-0253

2018-05-02 22:29:00
CWE-20
cisco
web.nvd.nist.gov
Tags: cisco, secure access control system, acs, cve-2018-0253, vulnerability, remote code execution, nvd, cybersecurity, amf protocol, cisco bug ids

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6
Confidence: High

EPSS: 0.004
Percentile: 74.9%

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user’s privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.

Affected configurations

Nvd
Node
cisco  secure_access_control_system  Range <5.8
OR
cisco  secure_access_control_system  Match 5.8
OR
cisco  secure_access_control_system  Match 5.8p1
OR
cisco  secure_access_control_system  Match 5.8p2
OR
cisco  secure_access_control_system  Match 5.8p3
OR
cisco  secure_access_control_system  Match 5.8p4
OR
cisco  secure_access_control_system  Match 5.8p6
OR
cisco  secure_access_control_system  Match 5.8\(0.8\)

Vendor  Product  Version  CPE
cisco  secure_access_control_system  *  cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:*:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:p1:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:p2:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:p3:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:p4:*:*:*:*:*:*
cisco  secure_access_control_system  5.8  cpe:2.3:a:cisco:secure_access_control_system:5.8:p6:*:*:*:*:*:*
cisco  secure_access_control_system  5.8(0.8)  cpe:2.3:a:cisco:secure_access_control_system:5.8\(0.8\):*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Secure Access Control System",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Secure Access Control System"
      }
    ]
  }
]
