Support Bundle Download Vulnerability in Cisco Secure Access Control System
CVE-2013-6695

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 2 December 2013

Summary

The Cisco Secure Access Control System (ACS) has a vulnerability in its role-based access control (RBAC) implementation that allows remote authenticated users to download support bundles improperly. This flaw enables them to access sensitive information, such as user database records, without the appropriate privileges. The issue arises when the system fails to adequately verify user permissions during the download process, posing a significant risk of information exposure.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Dec 2, 2013
Vulnerability Reserved
Nov 7, 2013