10

CVE-2014-0650

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

Data is provided by the National Vulnerability Database (NVD)
CiscoSecure Access Control System Version <= 5.4.0.46.2
CiscoSecure Access Control System Version5.1.0.44
CiscoSecure Access Control System Version5.1.0.44.1
CiscoSecure Access Control System Version5.1.0.44.2
CiscoSecure Access Control System Version5.1.0.44.3
CiscoSecure Access Control System Version5.1.0.44.4
CiscoSecure Access Control System Version5.1.0.44.5
CiscoSecure Access Control System Version5.2.0.26
CiscoSecure Access Control System Version5.2.0.26.1
CiscoSecure Access Control System Version5.2.0.26.2
CiscoSecure Access Control System Version5.3.0.40.1
CiscoSecure Access Control System Version5.3.0.40.2
CiscoSecure Access Control System Version5.3.0.40.3
CiscoSecure Access Control System Version5.3.0.40.4
CiscoSecure Access Control System Version5.3.0.40.5
CiscoSecure Access Control System Version5.3.0.40.6
CiscoSecure Access Control System Version5.3.0.40.7
CiscoSecure Access Control System Version5.3.0.40.8
CiscoSecure Access Control System Version5.3.0.40.9
CiscoSecure Access Control System Version5.4.0.46.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 6.62% 0.908
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1029634
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/64964
Third Party Advisory
VDB Entry