Cisco Secure Access Control System (ACS) 5.4.0.46.5

CPE Details

Cisco Secure Access Control System (ACS) 5.4.0.46.5
5.4.0.46.5
2014-01-17
15h19 +00:00
2014-01-27
13h44 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.5:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

secure_access_control_system

Version

5.4.0.46.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-0253 2018-05-02 20h00 +00:00 A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.
9.8
Critical
CVE-2015-0580 2015-02-12 00h00 +00:00 Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
6.5
CVE-2014-0648 2014-01-16 18h00 +00:00 The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
10
CVE-2014-0649 2014-01-16 18h00 +00:00 The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
9