Product:

Secure_access_control_system

(Cisco)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 35
Date Id Summary Products Score Patch Annotated
2013-09-04 CVE-2013-5470 Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. Secure_access_control_system N/A
2013-07-15 CVE-2013-3428 The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. Secure_access_control_system N/A
2013-07-12 CVE-2013-3424 Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. Secure_access_control_system N/A
2013-07-12 CVE-2013-3423 Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. Secure_access_control_system N/A
2013-07-12 CVE-2013-3422 Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. Secure_access_control_system N/A
2013-07-12 CVE-2013-3421 Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170. Secure_access_control_system N/A
2013-05-16 CVE-2013-1200 Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. Secure_access_control_system N/A
2013-04-29 CVE-2013-1196 The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs... Application_networking_manager, Context_directory_agent, Identity_services_engine_software, Network_services_manager, Prime_collaboration, Prime_data_center_network_manager, Prime_lan_management_solution, Prime_network_control_system, Quad, Secure_access_control_system, Unified_provisioning_manager N/A
2013-02-19 CVE-2013-1125 The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025,... Application_networking_manager, Context_directory_agent, Identity_services_engine_software, Network_services_manager, Prime_collaboration, Prime_lan_management_solution, Prime_network_control_system, Quad, Secure_access_control_system, Unified_provisioning_manager N/A
2011-04-04 CVE-2011-0951 The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. Secure_access_control_system N/A