Cisco Secure ACS Portal Interface Session Hijacking

Severity: Medium; Nessus Plugin ID: 72338

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Portal Interface. Insufficient session management could allow a remote, authenticated attacker to perform actions in the portal with the privileges of another user.

Solution

Apply the Cisco Secure Access Control System patch referenced in Cisco bug ID CSCue65951.

See Also

http://www.nessus.org/u?72a05642

https://tools.cisco.com/security/center/viewAlert.x?alertId=32567

Plugin Details

Severity: Medium

ID: 72338

File Name: cisco-sn-CSCue65951-csacs.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 2/5/2014

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:cisco:secure_access_control_system

Required KB Items: Host/Cisco/ACS/Version, Host/Cisco/ACS/DisplayVersion

Exploit Ease: No known exploits are available

Patch Publication Date: 11/25/2013

Vulnerability Publication Date: 1/24/2014

Reference Information

CVE: CVE-2014-0678

BID: 65144

CISCO-BUG-ID: CSCue65951