CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6300
https://notcve.org/view.php?id=CVE-2015-6300
20 Sep 2015 — Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. Vulnerabilidad en Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15), permite a usuarios remotos autenticados provocar una denegación de servicio (caída del proceso de pantalla SSH) a través de comandos (1) CLI o (2) GUI manipulados, también conocida como Bug ID CSCuw24694. • http://tools.cisco.com/security/center/viewAlert.x?alertId=41087 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0746
https://notcve.org/view.php?id=CVE-2015-0746
22 May 2015 — The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. La API REST en Cisco Access Control Server (ACS) 5.5(0.46.2) permite a atacantes remotos causar una denegación de servicio (interrupción de API) mediante el envío de muchas solicitudes, también conocido como Bug ID CSCut62022. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38946 • CWE-254: 7PK - Security Features •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0729
https://notcve.org/view.php?id=CVE-2015-0729
16 May 2015 — Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. Vulnerabilidad de XSS en Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de un ataque de la inclusión de ficheros, también conocido como Bug ID CSCuu11005. • http://tools.cisco.com/security/center/viewAlert.x?alertId=38864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0700
https://notcve.org/view.php?id=CVE-2015-0700
17 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. Vulnerabilidad de CSRF en la página Dashboard en la sección de monitorización y informes en Cisco Secure Access Control Server Solution Engine anterior a 5.5(0.46.5) permite a atacantes remotos secuestrar la autenticación de usuarios ar... • http://tools.cisco.com/security/center/viewAlert.x?alertId=38403 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3466
https://notcve.org/view.php?id=CVE-2013-3466
29 Aug 2013 — The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidad... • http://osvdb.org/96668 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3380
https://notcve.org/view.php?id=CVE-2013-3380
12 Jun 2013 — The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279. La interfaz Web de administración en el Access Control Server en Cisco Secure Access Control System (ACS) no restringe correctamente la página de vista de informe, permitiendo a los usuarios autenticados remotos obtener información sensible... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2012-5424
https://notcve.org/view.php?id=CVE-2012-5424
07 Nov 2012 — Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. Cisco Secure Access Control System (ACS) v5.x antes v5.2 Patch 11 y v5.3 antes de 5.3 Patch 7, cuando se usa una determinada configuración que implica TACACS+ y LDAP, no valida co... • http://osvdb.org/87251 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3293
https://notcve.org/view.php?id=CVE-2011-3293
02 May 2012 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos secuestrar la autentificación de los adminis... • http://secunia.com/advisories/49101 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3317
https://notcve.org/view.php?id=CVE-2011-3317
02 May 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, también c... • http://secunia.com/advisories/49101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2008-2441
https://notcve.org/view.php?id=CVE-2008-2441
04 Sep 2008 — Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribut... • http://secunia.com/advisories/31731 • CWE-399: Resource Management Errors •