
Cisco Secure vulnerabilities

39 known vulnerabilities affecting cisco/secure.

Total CVEs: 39
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: UNKNOWN 39

Vulnerabilities

Page 2 of 2
CVE-2018-0147 | UNKNOWN | CVSS 3.0 | KEV
Cisco Secure Access Control System Java Deserialization Vulnerability
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulner
cisco
CVE-2015-6347 | UNKNOWN
Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to impact the integrity of the system by modifying dashboard portlets that should be restricted. The vulnerabi
cisco
CVE-2017-3839 | UNKNOWN | CVSS 3.0
Cisco Secure Access Control System XML External Entity Vulnerability
A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) when parsing an XML file. An attac
cisco
CVE-2015-6349 | UNKNOWN
Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a reflective cross-site scripting (XSS) attack. The vulnerability is due to a lack of input validation on user-supplied input. An at
cisco
CVE-2017-3841 | UNKNOWN | CVSS 3.0
Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are accessed. An unauthenticate
cisco
CVE-2024-20337 | UNKNOWN | CVSS 3.1
Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by per
cisco
CVE-2014-0648 | UNKNOWN
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for in
cisco
CVE-2024-20391 | UNKNOWN | CVSS 3.1
Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specifi
cisco
CVE-2024-20338 | UNKNOWN | CVSS 3.1
Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability
A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vuln
cisco
CVE-2014-0649 | UNKNOWN
Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for in
cisco
CVE-2006-4097 | UNKNOWN
Multiple Vulnerabilities in Cisco Secure Access Control Server
Certain versions of Cisco Secure Access Control Server (ACS) for Windows and the Cisco Secure ACS Solution Engine (hereafter both referred to as purely Cisco Secure ACS) are affected by multiple vulnerabilities that cause specific Cisco Secure services to crash. Two of the vulnerabilities may permit arbitrary code execution after exploitation
cisco
CVE-2004-1458 | UNKNOWN
Multiple Vulnerabilities in Cisco Secure Access Control Server
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and a
cisco
CVE-2011-0951 | UNKNOWN | PoC
Cisco Secure Access Control System Unauthorized Password Change Vulnerability
A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the inte
cisco
CVE-2002-0241 | UNKNOWN
Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Specific versions of Cisco Secure Authentication Control Server (ACS) allow authentication of users that have been explicitly disabled or expired in the Novell Directory Services (NDS). There is a software patch that may be applied, and software up
cisco
CVE-2006-4098 | UNKNOWN
Multiple Vulnerabilities in Cisco Secure Access Control Server
Certain versions of Cisco Secure Access Control Server (ACS) for Windows and the Cisco Secure ACS Solution Engine (hereafter both referred to as purely Cisco Secure ACS) are affected by multiple vulnerabilities that cause specific Cisco Secure services to crash. Two of the vulnerabilities may permit arbitrary code execution after exploitation
cisco
CVE-2017-3838 | UNKNOWN | CVSS 3.0
Cisco Secure Access Control System Cross-Site Scripting Vulnerability
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An attacker may be a
cisco
CVE-2018-0414 | UNKNOWN | CVSS 3.0
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could explo
cisco
CVE-2018-0218 | UNKNOWN | CVSS 3.0
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An a
cisco
CVE-2004-1099 | UNKNOWN
Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication
A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct mean
cisco