Vulnerability Details : CVE-2014-0678
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
Products affected by CVE-2014-0678
- cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0678
- EPSS score: 0.38% (probability of exploitation activity in the next 30 days)
- Percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-0678
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
CWE ids for CVE-2014-0678
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0678
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32567
  Cisco Secure ACS Portal Session Management Vulnerability [Vendor Advisory]
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678
  Cisco Secure ACS Portal Session Management Vulnerability [Vendor Advisory]
- http://www.securitytracker.com/id/1029688
  Cisco Secure Access Control System Portal Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker [Third Party Advisory; VDB Entry]
- http://secunia.com/advisories/56540
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90732
  Cisco Secure ACS portal interface unauthorized access CVE-2014-0678 Vulnerability Report
- http://www.securityfocus.com/bid/65144
  Cisco Secure Access Control System Portal Interface Access Security Bypass Vulnerability [Third Party Advisory; VDB Entry]
- http://osvdb.org/102558