Role-Based Access Control Weakness in Cisco Secure Access Control Server
CVE-2015-6348

Currently unrated

Key Information:

Vendor: Cisco
Status: Secure Access Control Server
Vendor: CVE Published:; 30 October 2015

What is CVE-2015-6348?

The solution engine in Cisco Secure Access Control Server version 5.7(0.15) contains a vulnerability that allows remote authenticated users to bypass role-based access controls. This weakness permits unauthorized users to access sensitive report and status information by navigating to a specific web page, potentially compromising data integrity and user privacy.

References

http://www.securitytracker.com/id/1033970

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2015
Vulnerability Reserved
Aug 17, 2015