Authentication and Authorization Bypass in Cisco Secure Access Control System
CVE-2014-0648
Currently unrated
Summary
The RMI interface in Cisco Secure Access Control System (ACS) versions 5.x prior to 5.5 does not properly enforce authentication and authorization requirements. A remote attacker can gain unauthorized administrative access by sending a crafted request to the RMI interface, which puts affected systems at significant risk. Administrators are urged to apply available patches and follow best practices to mitigate exploitation risks.
EPSS Score
9% chance of being exploited in the next 30 days.