Vulnerability Description
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
CVSS Score
9.0 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control System | <= 5.4.0.46.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/102116
- http://secunia.com/advisories/56213
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20 (Vendor Advisory)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32378 (Vendor Advisory)
- http://www.securityfocus.com/bid/64958 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1029634 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90430
FAQ
What is CVE-2014-0649?
CVE-2014-0649 is a vulnerability with a CVSS score of 9.0 (HIGH). The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access v...
How severe is CVE-2014-0649?
CVE-2014-0649 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-0649?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control System.