Vulnerability Details CVE-2015-0580
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.8%
CVSS Severity
CVSS v2 Score 6.5
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
- http://www.securityfocus.com/bid/72576
- http://www.securitytracker.com/id/1031740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100812
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
- http://www.securityfocus.com/bid/72576
- http://www.securitytracker.com/id/1031740
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100812
Products affected by CVE-2015-0580
-
cpe:2.3:a:cisco:secure_access_control_system:-
-
cpe:2.3:a:cisco:secure_access_control_system:5.2(0.3)
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.6
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.7
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.8
-
cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.9
-
cpe:2.3:a:cisco:secure_access_control_system:5.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.1
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.2
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.3
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.4
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.6
-
cpe:2.3:a:cisco:secure_access_control_system:5.5
-
cpe:2.3:a:cisco:secure_access_control_system:5.5(0.1)
-
cpe:2.3:a:cisco:secure_access_control_system:5.5.0.46