CVE-2014-0648

critical

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90431

http://www.securitytracker.com/id/1029634

http://www.securityfocus.com/bid/64962

http://tools.cisco.com/security/center/viewAlert.x?alertId=32379

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

http://secunia.com/advisories/56213

http://osvdb.org/102117

Details

Source: Mitre, NVD

Published: 2014-01-16

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical