SQL Injection Vulnerabilities in Cisco Secure Access Control System
CVE-2015-0580

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control System
Vendor: CVE Published:; 12 February 2015

Summary

Multiple SQL injection vulnerabilities exist in the ACS View reporting interface of Cisco Secure Access Control System prior to version 5.5 patch 7. These flaws permit remote authenticated administrators to execute arbitrary SQL commands through specially crafted HTTPS requests, posing a significant risk to data integrity and system security. Proper mitigation measures are essential to defend against potential exploitation.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/100812

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/72576

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Feb 12, 2015
Vulnerability Reserved
Jan 7, 2015