CVSS: 10.0EPSS: 1%CPEs: 22EXPL: 0CVE-2014-0650
https://notcve.org/view.php?id=CVE-2014-0650
The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962. La interfaz web de Cisco Secure Access Control System (ACS) 5.x anterior a 5.4 Patch 3 permite a atacantes remotos ejecutar en el sistema operativo comandos arbitrarios a través de una solicitud a esta interfaz, también conocido como Bug ID CSCue65962. • http://osvdb.org/102115 http://secunia.com/advisories/56213 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs http://tools.cisco.com/security/center/viewAlert.x?alertId=32380 http://www.securityfocus.com/bid/64964 http://www.securitytracker.com/id/1029634 https://exchange.xforce.ibmcloud.com/vulnerabilities/90432 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 0CVE-2011-0951 – Cisco Secure ACS Unauthorized Password Change
https://notcve.org/view.php?id=CVE-2011-0951
The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. La interfaz de gestión basada en web en Cisco Secure Access Control System ( ACS ) v5.1 y v5.2 antes de v5.1.0.44.6 5.2.0.26.3, permite a atacantes remotos cambiar las contraseñas de usuario de forma arbitraria a través de vectores no especificados, también conocido como CSCtl77440 ID de error. • http://secunia.com/advisories/43924 http://securitytracker.com/id?1025271 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b74117.shtml http://www.securityfocus.com/bid/47093 http://www.vupen.com/english/advisories/2011/0821 https://exchange.xforce.ibmcloud.com/vulnerabilities/66471 • CWE-255: Credentials Management Errors •