Vulnerability in Cisco Secure_access_control_system
CVE-2014-0649
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug…
EPSS: 0.018 (83.1th percentile) — read the EPSS interpretation.
Affected products
- Cisco Secure_access_control_system — versions 5.1, 5.1.0.44, 5.1.0.44.1
- N/a — versions n/a
Weakness classification (CWE)
References
- 56213 (x_refsource_SECUNIA, third-party-advisory)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 1029634 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 102116 (x_refsource_OSVDB, vdb-entry)
- 64958 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cisco-acs-cve20140649-priv-esc(90430) (vdb-entry, x_refsource_XF)
- 20140115 Multiple Vulnerabilities in Cisco Secure Access Control System (x_refsource_CISCO, vendor-advisory, Vendor Advisory)