9

CVE-2014-0649

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Access Control System Version <= 5.4.0.46.6
CiscoSecure Access Control System Version5.1.0.44
CiscoSecure Access Control System Version5.1.0.44.1
CiscoSecure Access Control System Version5.1.0.44.2
CiscoSecure Access Control System Version5.1.0.44.3
CiscoSecure Access Control System Version5.1.0.44.4
CiscoSecure Access Control System Version5.1.0.44.5
CiscoSecure Access Control System Version5.2.0.26
CiscoSecure Access Control System Version5.2.0.26.1
CiscoSecure Access Control System Version5.2.0.26.2
CiscoSecure Access Control System Version5.3.0.40.1
CiscoSecure Access Control System Version5.3.0.40.2
CiscoSecure Access Control System Version5.3.0.40.3
CiscoSecure Access Control System Version5.3.0.40.4
CiscoSecure Access Control System Version5.3.0.40.5
CiscoSecure Access Control System Version5.3.0.40.6
CiscoSecure Access Control System Version5.3.0.40.7
CiscoSecure Access Control System Version5.3.0.40.8
CiscoSecure Access Control System Version5.3.0.40.9
CiscoSecure Access Control System Version5.4.0.46.1
CiscoSecure Access Control System Version5.4.0.46.2
CiscoSecure Access Control System Version5.4.0.46.3
CiscoSecure Access Control System Version5.4.0.46.4
CiscoSecure Access Control System Version5.4.0.46.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/56213
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
Vendor Advisory
http://www.securitytracker.com/id/1029634
Third Party Advisory
VDB Entry
http://osvdb.org/102116
http://tools.cisco.com/security/center/viewAlert.x?alertId=32378
Vendor Advisory
http://www.securityfocus.com/bid/64958
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90430