Vulnerability Details : CVE-2014-8027
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
Products affected by CVE-2014-8027
- cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8027
0.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8027
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8027
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8027
-
http://www.securitytracker.com/id/1031516
Cisco Secure Access Control Server Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
-
http://www.securityfocus.com/bid/71944
Cisco Secure Access Control Server CVE-2014-8027 Privilege Escalation Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100558
Cisco Secure Access Control Server (ACS) privilege escalation CVE-2014-8027 Vulnerability Report
-
http://secunia.com/advisories/62159
Sign in
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027
Cisco Secure Access Control Server Privilege Escalation VulnerabilityVendor Advisory
Jump to