Vulnerability in Cisco Secure_access_control_system

CVE-2014-8027

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq7…

EPSS: 0.002 (36.8th percentile) — read the EPSS interpretation.

Affected products

Cisco Secure_access_control_system
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

71944 (vdb-entry, x_refsource_BID)
20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
cisco-secureacs-cve20148027-priv-esc(100558) (vdb-entry, x_refsource_XF)
1031516 (vdb-entry, x_refsource_SECTRACK)
62159 (x_refsource_SECUNIA, third-party-advisory)