Vulnerability in Cisco Secure_access_control_system

CVE-2014-0667

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.

EPSS: 0.006 (70.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1029641 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
64983 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
102168 (x_refsource_OSVDB, vdb-entry)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
20140116 Cisco Secure ACS RMI Arbitrary File Read Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-acs-cve20140667-info-disc(90497) (vdb-entry, x_refsource_XF)