Improper input validation in Cisco Secure_access_control_system

CVE-2014-0650

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.066 (91.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system — versions 5.1, 5.1.0.44, 5.1.0.44.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

102115 (x_refsource_OSVDB, vdb-entry)
56213 (x_refsource_SECUNIA, third-party-advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
64964 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1029634 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
cisco-acs-cve20140650-command-exec(90432) (vdb-entry, x_refsource_XF)
20140115 Multiple Vulnerabilities in Cisco Secure Access Control System (x_refsource_CISCO, vendor-advisory, Vendor Advisory)