3 results (0.005 seconds)

CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. • http://www.securityfocus.com/bid/104075 http://www.securitytracker.com/id/1040808 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. Vulnerabilidad de XSS en Cisco Access Control Server (ACS) 5.5(0.1) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada, también conocido como Bug ID CSCuu11002. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38808 http://www.securitytracker.com/id/1032328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. Múltiples vulnerabilidades de inyección SQL en las páginas de la interfaz de los informes de ACS View en Cisco Secure Access Control System (ACS) anterior a 5.5 parche 7 permiten a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través de solicitudes HTTPS manipuladas, también conocido como Bug ID CSCuq79027. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs http://www.securityfocus.com/bid/72576 http://www.securitytracker.com/id/1031740 https://exchange.xforce.ibmcloud.com/vulnerabilities/100812 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •