CVE-2014-0648 Information

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements which allows remote attackers to obtain administrative access via a request to this interface aka Bug ID CSCud75187.

Reference

http://osvdb.org/102117 http://secunia.com/advisories/56213 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs http://tools.cisco.com/security/center/viewAlert.x?alertId=32379 http://www.securityfocus.com/bid/64962 http://www.securitytracker.com/id/1029634 https://exchange.xforce.ibmcloud.com/vulnerabilities/90431