CVE-2018-0253

CWE-20Improper Input Validation5 documents5 sources
Severity
9.8CRITICAL
EPSS
4.3%
top 11.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control System
Timeline
PublishedMay 2
Latest updateMay 13

Description

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5cisco_secure_access_control_systemCisco Secure Access Control System

🔴Vulnerability Details

2
GHSA
GHSA-99xc-j93w-f7qr: A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arb2022-05-13
CVEList
CVE-2018-0253: A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arb2018-05-02

📋Vendor Advisories

1
Cisco
Cisco Secure Access Control System Remote Code Execution Vulnerability2018-05-02

🕵️Threat Intelligence

1
Tenable
Critical Cisco Secure Access Control System (ACS) Vulnerability2018-06-08
CVE-2018-0253 (CRITICAL CVSS 9.8) | A vulnerability in the ACS Report c | cvebase.io