Vulnerability Details : CVE-2014-8027
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
Exploit prediction scoring system (EPSS) score for CVE-2014-8027
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-8027
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2014-8027
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-8027
-
http://www.securitytracker.com/id/1031516
Cisco Secure Access Control Server Lets Remote Authenticated Users Gain Elevated Privileges - SecurityTracker
-
http://www.securityfocus.com/bid/71944
Cisco Secure Access Control Server CVE-2014-8027 Privilege Escalation Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100558
Cisco Secure Access Control Server (ACS) privilege escalation CVE-2014-8027 Vulnerability Report
-
http://secunia.com/advisories/62159
Sign in
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027
Cisco Secure Access Control Server Privilege Escalation VulnerabilityVendor Advisory
Products affected by CVE-2014-8027
- cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*