Vulnerability in Cisco Context_directory_agent
CVE-2014-0651
The administrative interface in Cisco Context Directory Agent (CDA) does not properly enforce authorization requirements, which allows remote authenticated users to obtain administrative access by hijacking a session, aka Bug ID CSCuj45347.
EPSS: 0.004 (62.6th percentile) — read the EPSS interpretation.
Affected products
- Cisco Context_directory_agent
- N/a — versions n/a
Weakness classification (CWE)
References
- 101809 (x_refsource_OSVDB, vdb-entry)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 56365 (x_refsource_SECUNIA, third-party-advisory)
- 1029573 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 20140107 Cisco Context Directory Agent Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- cisco-cda-cve20140651-priv-esc(90166) (vdb-entry, x_refsource_XF)
- 64706 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)