CVE-2014-8027
medium
CVSS v3: —
CVSS v2: 6.5
VIR risk: 6.5
Description
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | secure_access_control_system | - | |
References
- http://secunia.com/advisories/62159
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027
- http://www.securityfocus.com/bid/71944
- http://www.securitytracker.com/id/1031516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100558
CWEs
CWE-264