Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2130

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-2130
Last Modified 17 Mar 2015 10:00:39
Published 05 Mar 2015 09:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-2130

Summary

Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189.

Vulnerable Systems

Application

  • Cisco Secure Access Control System -


References

CISCO - 20150304 Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability

SECTRACK - 1031844


Last Updated: 27 May 2016 10:53:58