CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2018-0253
https://notcve.org/view.php?id=CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. • http://www.securityfocus.com/bid/104075 http://www.securitytracker.com/id/1040808 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-acs1 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12354
https://notcve.org/view.php?id=CVE-2017-12354
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the software responds to HTTP requests that are sent to the web-based interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based interface of the affected software. A successful exploit could allow the attacker to view sensitive information about the software, which the attacker could use to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvf66155. • http://www.securityfocus.com/bid/101986 http://www.securitytracker.com/id/1039923 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-acs • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6769
https://notcve.org/view.php?id=CVE-2017-6769
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCve70587. Known Affected Releases: 5.8(0.8) 5.8(1.5). Una vulnerabilidad en la interfaz de gestión web de Cisco Secure Access Control System (ACS) podría permitir que un atacante remoto autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) almacenado, contra un usuario de dicha interfaz en un sistema afectado. Más información: CSCve70587. • http://www.securityfocus.com/bid/99985 http://www.securitytracker.com/id/1038996 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170726-acs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3841
https://notcve.org/view.php?id=CVE-2017-3841
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado revelar información sensible. Más Información: CSCvc04854. • http://www.securityfocus.com/bid/96237 http://www.securitytracker.com/id/1037838 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3838
https://notcve.org/view.php?id=CVE-2017-3838
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5). Una vulnerabilidad en Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS basado en DOM contra el usuario de la interfaz web del sistema afectado. Más Información: CSCvc04838. • http://www.securityfocus.com/bid/96234 http://www.securitytracker.com/id/1037835 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •