Cisco

Secure Access Control System

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2018-0253

  • EPSS 4.51%
  • Veröffentlicht 02.05.2018 22:29:00
  • Zuletzt bearbeitet 21.11.2024 03:37:49

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the target...

10

CVE-2018-0147

Warnung
  • EPSS 19.92%
  • Veröffentlicht 08.03.2018 07:29:00
  • Zuletzt bearbeitet 27.01.2025 20:19:26

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to ins...

4

CVE-2015-4219

  • EPSS 0.41%
  • Veröffentlicht 24.06.2015 10:59:12
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive inf...

6.5

CVE-2014-2130

  • EPSS 1.15%
  • Veröffentlicht 06.03.2015 02:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary co...

6.5

CVE-2015-0580

  • EPSS 0.11%
  • Veröffentlicht 12.02.2015 01:59:21
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, ak...

5.8

CVE-2014-8029

  • EPSS 0.33%
  • Veröffentlicht 09.01.2015 02:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150.

4.3

CVE-2014-8028

  • EPSS 0.33%
  • Veröffentlicht 09.01.2015 02:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.

6.5

CVE-2014-8027

  • EPSS 0.16%
  • Veröffentlicht 09.01.2015 02:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.

5.5

CVE-2014-0678

  • EPSS 0.38%
  • Veröffentlicht 25.01.2014 22:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

4.3

CVE-2014-0668

  • EPSS 0.56%
  • Veröffentlicht 20.01.2014 04:58:49
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949.