| |
Vulnerability CVE-2014-2130
Published: 2015-03-05 Modified: 2015-03-06
Description: |
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. |
CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.5/10 |
6.4/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.securitytracker.com/id/1031844
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2130
|
|
|
Copyright 2024, cxsecurity.com
|
|
|