CVE-2014-0650

CWE-20 โ€” Improper Input ValidationCWE-287 โ€” Improper Authentication4 documents4 sources
Severity
10.0CRITICAL
EPSS
6.6%
top 8.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control System
Timeline
PublishedJan 16
Latest updateMay 17

Description

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

โ–ถNVDcisco/secure_access_control_system5.4.0.46.2+21

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-pxmw-gp47-2g3v: The web interface in Cisco Secure Access Control System (ACS) 5โ†—2022-05-17
โ–ถ
CVEList
CVE-2014-0650: The web interface in Cisco Secure Access Control System (ACS) 5โ†—2014-01-16
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control Systemโ†—2014-01-16
โ–ถ
CVE-2014-0650 (CRITICAL CVSS 10) | The web interface in Cisco Secure A | cvebase.io