Detections
Analytics
Cisco Secure ACS Portal Interface Session Hijacking
medium Nessus Plugin ID 72338
Language:
Synopsis
The remote host is missing a vendor-supplied security patch.Description
The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Portal Interface. Due to insufficient session management, this could allow a remote, authenticated attacker to perform actions in the portal with the privileges of another user.Solution
Apply the Cisco Secure Access Control System patch referenced in Cisco Bug Id CSCue65951.See Also
http://www.nessus.org/u?72a05642
https://tools.cisco.com/security/center/viewAlert.x?alertId=32567
Plugin Details
Severity: Medium
ID: 72338
File Name: cisco-sn-CSCue65951-csacs.nasl
Version: 1.6
Type: local
Family: CISCO
Published: 2/5/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/a:cisco:secure_access_control_system
Required KB Items: Host/Cisco/ACS/Version, Host/Cisco/ACS/DisplayVersion
Exploit Ease: No known exploits are available
Patch Publication Date: 11/25/2013
Vulnerability Publication Date: 1/24/2014
Reference Information
CVE: CVE-2014-0678
BID: 65144
CISCO-BUG-ID: CSCue65951