CVE-2014-0650
https://notcve.org/view.php?id=CVE-2014-0650
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.
• http://osvdb.org/102115
  http://secunia.com/advisories/56213
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
  http://tools.cisco.com/security/center/viewAlert.x?alertId=32380
  http://www.securityfocus.com/bid/64964
  http://www.securitytracker.com/id/1029634
  https://exchange.xforce.ibmcloud.com/vulnerabilities/90432
• CWE-20: Improper Input Validation
CVE-2014-0649
https://notcve.org/view.php?id=CVE-2014-0649
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
• http://osvdb.org/102116
  http://secunia.com/advisories/56213
  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
  http://tools.cisco.com/security/center/viewAlert.x?alertId=32378
  http://www.securityfocus.com/bid/64958
  http://www.securitytracker.com/id/1029634
  https://exchange.xforce.ibmcloud.com/vulnerabilities/90430
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-0951 – Cisco Secure ACS Unauthorized Password Change
https://notcve.org/view.php?id=CVE-2011-0951
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.
• http://secunia.com/advisories/43924
  http://securitytracker.com/id?1025271
  http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml
  http://www.securityfocus.com/bid/47093
  http://www.vupen.com/english/advisories/2011/0821
  https://exchange.xforce.ibmcloud.com/vulnerabilities/66471
  http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html
• CWE-255: Credentials Management Errors