CVE-2014-0649
https://notcve.org/view.php?id=CVE-2014-0649
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
• http://osvdb.org/102116
• http://secunia.com/advisories/56213
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
• http://tools.cisco.com/security/center/viewAlert.x?alertId=32378
• http://www.securityfocus.com/bid/64958
• http://www.securitytracker.com/id/1029634
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90430
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-0951 – Cisco Secure ACS Unauthorized Password Change
https://notcve.org/view.php?id=CVE-2011-0951
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440.
• http://secunia.com/advisories/43924
• http://securitytracker.com/id?1025271
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml
• http://www.securityfocus.com/bid/47093
• http://www.vupen.com/english/advisories/2011/0821
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66471
• http://www.cisco.com/en/US/products/csa/cisco-sa-20110330-acs.html
• CWE-255: Credentials Management Errors