Vulnerability Description
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control System | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/102168
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32468Vendor Advisory
- http://www.securityfocus.com/bid/64983Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029641Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90497
- http://osvdb.org/102168
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32468Vendor Advisory
- http://www.securityfocus.com/bid/64983Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029641Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90497
FAQ
What is CVE-2014-0667?
CVE-2014-0667 is a vulnerability with a CVSS score of 6.3 (MEDIUM). The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to thi...
How severe is CVE-2014-0667?
CVE-2014-0667 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0667?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control System.