CVSS: 10.0EPSS: 7%CPEs: 8EXPL: 0CVE-2018-0253
https://notcve.org/view.php?id=CVE-2018-0253
02 May 2018 — A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successfu... • http://www.securityfocus.com/bid/104075 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4219
https://notcve.org/view.php?id=CVE-2015-4219
24 Jun 2015 — Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. Cisco Secure Access Control System anterior a 5.4(0.46.2) y 5.5 anterior a 5.5(0.46) y Cisco Identity Services Engine 1.0(4.573) no implementan correctamente el c... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39501 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0580
https://notcve.org/view.php?id=CVE-2015-0580
12 Feb 2015 — Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. Múltiples vulnerabilidades de inyección SQL en las páginas de la interfaz de los informes de ACS View en Cisco Secure Access Control System (ACS) anterior a 5.5 parche 7 permiten a administradores remotos autenticados ejecutar comandos SQL a... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 9%CPEs: 26EXPL: 0CVE-2014-0648
https://notcve.org/view.php?id=CVE-2014-0648
16 Jan 2014 — The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. El interface RMI en Cisco Secure Access Control System (ACS) v5.x anterior a v5.5 no aplica correctamente los requisitos de autenticación y autorización, lo que permite a atacantes remotos obtener acceso administrativo a través de una solicitud... • http://osvdb.org/102117 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 4%CPEs: 26EXPL: 0CVE-2014-0649
https://notcve.org/view.php?id=CVE-2014-0649
16 Jan 2014 — The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. El interface RMI en Cisco Secure Access Control System (ACS) v5.x anterior a v5.5 no aplica correctamente los requisitos de autorización, lo que permite a usuarios autenticados remotamente obtener acceso de superadmin a través de este interface, tambien con... • http://osvdb.org/102116 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 7%CPEs: 22EXPL: 0CVE-2014-0650
https://notcve.org/view.php?id=CVE-2014-0650
16 Jan 2014 — The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. La interfaz web de Cisco Secure Access Control System (ACS) 5.x anterior a 5.4 Patch 3 permite a atacantes remotos ejecutar en el sistema operativo comandos arbitrarios a través de una solicitud a esta interfaz, también conocido como Bug ID CSCue65962. • http://osvdb.org/102115 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 65%CPEs: 11EXPL: 1CVE-2011-0951 – Cisco Secure ACS Unauthorized Password Change
https://notcve.org/view.php?id=CVE-2011-0951
01 Apr 2011 — The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. La interfaz de gestión basada en web en Cisco Secure Access Control System ( ACS ) v5.1 y v5.2 antes de v5.1.0.44.6 5.2.0.26.3, permite a atacantes remotos cambiar las contraseñas de usuario de forma arbitraria a través de vectores no especificados, también conocido como CSCtl7... • https://packetstorm.news/files/id/180756 • CWE-255: Credentials Management Errors •