CVE-2014-8027

high

Description

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100558

http://www.securitytracker.com/id/1031516

http://www.securityfocus.com/bid/71944

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027

http://secunia.com/advisories/62159

Details

Source: Mitre, NVD

Published: 2015-01-09

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00161