CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.9%
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user’s privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | * | cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:*:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:p1:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:p2:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:p3:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:p4:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8 | cpe:2.3:a:cisco:secure_access_control_system:5.8:p6:*:*:*:*:*:* |
cisco | secure_access_control_system | 5.8(0.8) | cpe:2.3:a:cisco:secure_access_control_system:5.8\(0.8\):*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.9%