Vulnerability in Cisco Secure_access_control_system
CVE-2014-0648
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this inter…
EPSS: 0.071 (91.7th percentile) — read the EPSS interpretation.
Affected products
- Cisco Secure_access_control_system — versions 5.1, 5.1.0.44, 5.1.0.44.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 64962 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 56213 (x_refsource_SECUNIA, third-party-advisory)
- cisco-acs-cve20140648-unauth-access(90431) (vdb-entry, x_refsource_XF)
- 102117 (x_refsource_OSVDB, vdb-entry)
- 1029634 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 20140115 Multiple Vulnerabilities in Cisco Secure Access Control System (x_refsource_CISCO, vendor-advisory, Vendor Advisory)