CVE-2014-0649

critical Cisco
CVSS v3 Base Score
9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS Score
3.4%
Exploitation probability in 30 days
Top 13% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: January 16, 2014 (4500 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.

CWE

CWE-264

Affected Products

cisco secure access control system

References

🔗 osvdb.org 🔗 secunia.com 🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 www.securityfocus.com