Cisco

Secure Access Control Server

29 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2015-6349

  • EPSS 0.26%
  • Veröffentlicht 30.10.2015 10:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4

CVE-2015-6348

  • EPSS 0.16%
  • Veröffentlicht 30.10.2015 10:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified...

4

CVE-2015-6347

  • EPSS 0.14%
  • Veröffentlicht 30.10.2015 10:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.

4.3

CVE-2015-6346

  • EPSS 0.26%
  • Veröffentlicht 30.10.2015 10:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

6.5

CVE-2015-6345

  • EPSS 0.31%
  • Veröffentlicht 30.10.2015 10:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.

4

CVE-2015-6300

  • EPSS 0.39%
  • Veröffentlicht 20.09.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.

9.3

CVE-2013-3466

  • EPSS 0.72%
  • Veröffentlicht 29.08.2013 12:07:53
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands...

5

CVE-2012-5424

  • EPSS 0.22%
  • Veröffentlicht 07.11.2012 23:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication...

7.5

CVE-2007-0105

  • EPSS 1.88%
  • Veröffentlicht 09.01.2007 00:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

10

CVE-2006-4098

  • EPSS 14.34%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet...