CVE-2015-6348
Summary
| CVE | CVE-2015-6348 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-10-30 10:59:00 UTC |
| Updated | 2016-12-07 18:19:00 UTC |
| Description | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Secure Access Control Server | 5.7.0.15 | All | All | All |
| Application | Cisco | Secure Access Control Server | 5.7.0.15 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Secure Access Control Server RBAC Flaw Lets Remote Authenticated Users Obtain System Administrator Reports and Status - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.