Vulnerability Details : CVE-2014-2130
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189.
Vulnerability category: Execute code
Products affected by CVE-2014-2130
- cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2130
- 0.17%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
CWE ids for CVE-2014-2130
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2130
- http://www.securitytracker.com/id/1031844
  Cisco Secure Access Control Server Tomcat Administration Interface Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2130
  Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability (Vendor Advisory)