CVE-2015-0580

CWE-89 — SQL Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 71.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control System

Timeline

PublishedFeb 12

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/secure_access_control_system5.5.0.46

🔴Vulnerability Details

GHSA

GHSA-cfgg-h2rv-pf7x: Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5↗2022-05-17

▶

CVEList

CVE-2015-0580: Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5↗2015-02-12

▶

📋Vendor Advisories

Cisco

Cisco Secure Access Control System SQL Injection Vulnerability↗2015-02-11

▶