Cisco

Secure Access Control System

28 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2018-0253

  • EPSS 4.51%
  • Published 02.05.2018 22:29:00
  • Last modified 21.11.2024 03:37:49

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the target...

10

CVE-2018-0147

Warning
  • EPSS 19.92%
  • Published 08.03.2018 07:29:00
  • Last modified 27.01.2025 20:19:26

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to ins...

4

CVE-2015-4219

  • EPSS 0.41%
  • Published 24.06.2015 10:59:12
  • Last modified 12.04.2025 10:46:40

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive inf...

6.5

CVE-2014-2130

  • EPSS 1.15%
  • Published 06.03.2015 02:59:00
  • Last modified 12.04.2025 10:46:40

Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary co...

6.5

CVE-2015-0580

  • EPSS 0.11%
  • Published 12.02.2015 01:59:21
  • Last modified 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, ak...

5.8

CVE-2014-8029

  • EPSS 0.33%
  • Published 09.01.2015 02:59:05
  • Last modified 12.04.2025 10:46:40

Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.

4.3

CVE-2014-8028

  • EPSS 0.33%
  • Published 09.01.2015 02:59:04
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

6.5

CVE-2014-8027

  • EPSS 0.16%
  • Published 09.01.2015 02:59:03
  • Last modified 12.04.2025 10:46:40

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.

5.5

CVE-2014-0678

  • EPSS 0.38%
  • Published 25.01.2014 22:55:03
  • Last modified 11.04.2025 00:51:21

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

4.3

CVE-2014-0668

  • EPSS 0.56%
  • Published 20.01.2014 04:58:49
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.