Vulnerability Details : CVE-2014-0648
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
Products affected by CVE-2014-0648
- cpe:2.3:a:cisco:secure_access_control_system:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2.0.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.1.0.44.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.8:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.9:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.4.0.46.4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.6:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.7:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_system:5.3.0.40.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0648
- EPSS score: 1.07% (probability of exploitation activity in the next 30 days)
- Percentile: ~82% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0648
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2014-0648
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0648
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32379
  Cisco Secure Access Control System RMI Unauthenticated User Access Vulnerability (Vendor Advisory)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
  Multiple Vulnerabilities in Cisco Secure Access Control System (Vendor Advisory)
- http://www.securitytracker.com/id/1029634
  Cisco Secure Access Control Server RMI and Web Interface Bugs Let Remote Users Gain Access - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/64962
  Cisco Secure Access Control System RMI Interface Unauthenticated Access Security Vulnerability (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90431
  Cisco Secure Access Control System unauthorized access CVE-2014-0648 Vulnerability Report