Detections
Analytics
Cisco Secure ACS RMI Arbitrary File Read (CSCud75169)
medium Nessus Plugin ID 72140
Language:
Synopsis
The remote host is missing a vendor-supplied security patch.Description
The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Remote Method Invocation (RMI) interface. Due to insufficient authorization enforcement, this issue could allow a remote, authenticated attacker to read arbitrary files on the ACS server.Solution
Apply the Cisco Secure Access Control System patch referenced in Cisco Bug Id CSCud75169.See Also
http://www.nessus.org/u?21167551
https://tools.cisco.com/security/center/viewAlert.x?alertId=32468
Plugin Details
Severity: Medium
ID: 72140
File Name: cisco-sn-CSCud75169-csacs.nasl
Version: 1.6
Type: local
Family: CISCO
Published: 1/27/2014
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:N/A:N
Vulnerability Information
CPE: cpe:/a:cisco:secure_access_control_system
Required KB Items: Host/Cisco/ACS/Version, Host/Cisco/ACS/DisplayVersion
Exploit Ease: No known exploits are available
Patch Publication Date: 1/16/2014
Vulnerability Publication Date: 1/16/2014
Reference Information
CVE: CVE-2014-0667
BID: 64983
CISCO-BUG-ID: CSCud75169