CVE-2014-0649

high

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90430

http://www.securitytracker.com/id/1029634

http://www.securityfocus.com/bid/64958

http://tools.cisco.com/security/center/viewAlert.x?alertId=32378

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs

http://secunia.com/advisories/56213

http://osvdb.org/102116

Details

Source: Mitre, NVD

Published: 2014-01-16

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High