Role-Based Access Control Bypass in Cisco Secure Access Control Server
CVE-2015-6347

Currently unrated

Key Information:

Vendor
Cisco
Status
Secure Access Control Server
Vendor
CVE Published:
30 October 2015

Summary

The Solution Engine in Cisco Secure Access Control Server version 5.7(0.15) has a security flaw that permits remote authenticated users to circumvent established Role-Based Access Control (RBAC) policies. This exploitation allows users to access unauthorized functionalities, including the ability to create a dashboard or portlet, by navigating to a specific web page. As a result, critical system management operations could be compromised, leading to potential unauthorized access and manipulation of sensitive data.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1033971
vdb-entryx_refsource_SECTRACK

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.