Vulnerability Details CVE-2014-0648
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.092
EPSS Ranking 92.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/102117
- http://secunia.com/advisories/56213
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32379
- http://www.securityfocus.com/bid/64962
- http://www.securitytracker.com/id/1029634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90431
- http://osvdb.org/102117
- http://secunia.com/advisories/56213
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32379
- http://www.securityfocus.com/bid/64962
- http://www.securitytracker.com/id/1029634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90431
Products affected by CVE-2014-0648
-
cpe:2.3:a:cisco:secure_access_control_system:-
-
cpe:2.3:a:cisco:secure_access_control_system:5.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.2(0.3)
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.6
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.7
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.8
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.9
-
cpe:2.3:a:cisco:secure_access_control_system:5.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.6