Remote Code Execution Vulnerability in Cisco Secure Access Control Server
CVE-2014-2130

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 6 March 2015

Summary

The vulnerability in Cisco Secure Access Control Server (ACS) arises from an unintentional administration web interface based on Apache Tomcat. This flaw permits authenticated remote users to modify critical application and configuration files, potentially leading to the execution of arbitrary code by exploiting elevated administrative privileges. It is essential for organizations using ACS to mitigate this risk through timely updates and by following security best practices.

References

http://www.securitytracker.com/id/1031844

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 6, 2015
Vulnerability Reserved
Feb 25, 2014