Cisco

Secure Access Control Server

29 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-6349

  • EPSS 0.26%
  • Published 30.10.2015 10:59:07
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4

CVE-2015-6348

  • EPSS 0.16%
  • Published 30.10.2015 10:59:06
  • Last modified 12.04.2025 10:46:40

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified...

4

CVE-2015-6347

  • EPSS 0.14%
  • Published 30.10.2015 10:59:04
  • Last modified 12.04.2025 10:46:40

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.

4.3

CVE-2015-6346

  • EPSS 0.26%
  • Published 30.10.2015 10:59:03
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.5

CVE-2015-6345

  • EPSS 0.31%
  • Published 30.10.2015 10:59:02
  • Last modified 12.04.2025 10:46:40

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.

4

CVE-2015-6300

  • EPSS 0.39%
  • Published 20.09.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.

9.3

CVE-2013-3466

  • EPSS 0.72%
  • Published 29.08.2013 12:07:53
  • Last modified 11.04.2025 00:51:21

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands...

5

CVE-2012-5424

  • EPSS 0.22%
  • Published 07.11.2012 23:55:01
  • Last modified 11.04.2025 00:51:21

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication...

7.5

CVE-2007-0105

  • EPSS 1.88%
  • Published 09.01.2007 00:28:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

10

CVE-2006-4098

  • EPSS 14.34%
  • Published 31.12.2006 05:00:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet...