Vulnerability Description
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control System | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/102558
- http://secunia.com/advisories/56540
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32567Vendor Advisory
- http://www.securityfocus.com/bid/65144Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029688Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90732
- http://osvdb.org/102558
- http://secunia.com/advisories/56540
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678Vendor Advisory
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32567Vendor Advisory
- http://www.securityfocus.com/bid/65144Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1029688Third Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90732
FAQ
What is CVE-2014-0678?
CVE-2014-0678 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vecto...
How severe is CVE-2014-0678?
CVE-2014-0678 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0678?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control System.