CVE-2014-0649

CWE-264CWE-20 โ€” Improper Input ValidationCWE-287 โ€” Improper Authentication4 documents4 sources
Severity
9.0CRITICAL
EPSS
3.4%
top 12.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control System
Timeline
PublishedJan 16
Latest updateMay 17

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDcisco/secure_access_control_system5.4.0.46.6+25

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-vmp2-fw52-cx7f: The RMI interface in Cisco Secure Access Control System (ACS) 5โ†—2022-05-17
โ–ถ
CVEList
CVE-2014-0649: The RMI interface in Cisco Secure Access Control System (ACS) 5โ†—2014-01-16
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control Systemโ†—2014-01-16
โ–ถ
CVE-2014-0649 (CRITICAL CVSS 9) | The RMI interface in Cisco Secure A | cvebase.io