CVE-2014-0649 Information

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements which allows remote authenticated users to obtain superadmin access via a request to this interface aka Bug ID CSCud75180.

Reference

http://osvdb.org/102116 http://secunia.com/advisories/56213 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs http://tools.cisco.com/security/center/viewAlert.x?alertId=32378 http://www.securityfocus.com/bid/64958 http://www.securitytracker.com/id/1029634 https://exchange.xforce.ibmcloud.com/vulnerabilities/90430