Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0580

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2015-0580
Last Modified 18 Feb 2015 10:01:09
Published 11 Feb 2015 08:59:21
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2015-0580

Summary

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.

Vulnerable Systems

Application

  • Cisco Secure Access Control System 5.5.0.46


References

CISCO - 20150211 Cisco Secure Access Control System SQL Injection Vulnerability

XF - cisco-acs-cve20150580-sql-injection(100812)

SECTRACK - 1031740

BID - 72576


Last Updated: 27 May 2016 11:07:52