| Vulnerability Name: | CVE-2014-8027 (CCN-100558) | ||||||||
| Assigned: | 2014-10-08 | ||||||||
| Published: | 2015-01-08 | ||||||||
| Updated: | 2017-09-08 | ||||||||
| Summary: | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | ||||||||
| CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-8027 Source: SECUNIA Type: UNKNOWN 62159 Source: CCN Type: Cisco Security Notice Cisco Secure Access Control Server Privilege Escalation Vulnerability Source: CISCO Type: Vendor Advisory 20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability Source: BID Type: UNKNOWN 71944 Source: CCN Type: BID-71944 Cisco Secure Access Control Server CVE-2014-8027 Privilege Escalation Vulnerability Source: SECTRACK Type: UNKNOWN 1031516 Source: XF Type: UNKNOWN cisco-secureacs-cve20148027-priv-esc(100558) Source: XF Type: UNKNOWN cisco-secureacs-cve20148027-priv-esc(100558) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||