Vulnerability Details CVE-2014-0649
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.041
EPSS Ranking 87.9%
CVSS Severity
CVSS v2 Score 9.0
References
- http://osvdb.org/102116
- http://secunia.com/advisories/56213
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32378
- http://www.securityfocus.com/bid/64958
- http://www.securitytracker.com/id/1029634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90430
- http://osvdb.org/102116
- http://secunia.com/advisories/56213
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32378
- http://www.securityfocus.com/bid/64958
- http://www.securitytracker.com/id/1029634
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90430
Products affected by CVE-2014-0649
-
cpe:2.3:a:cisco:secure_access_control_system:-
-
cpe:2.3:a:cisco:secure_access_control_system:5.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.2(0.3)
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.6
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.7
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.8
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.9
-
cpe:2.3:a:cisco:secure_access_control_system:5.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.6