Cisco Secure ACS Portal Interface Session Hijacking

Medium Nessus Plugin ID 72338

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Portal Interface. Due to insufficient session management, this could allow a remote, authenticated attacker to perform actions in the portal with the privileges of another user.

Solution

Apply the Cisco Secure Access Control System patch referenced in Cisco Bug ID CSCue65951.

See Also

http://www.nessus.org/u?72a05642

https://tools.cisco.com/security/center/viewAlert.x?alertId=32567

Plugin Details

Severity: Medium

ID: 72338

File Name: cisco-sn-CSCue65951-csacs.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 2014/02/05

Updated: 2018/11/15

Dependencies: 69133

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:secure_access_control_system

Required KB Items: Host/Cisco/ACS/Version, Host/Cisco/ACS/DisplayVersion

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/11/25

Vulnerability Publication Date: 2014/01/24

Reference Information

CVE: CVE-2014-0678

BID: 65144

CISCO-BUG-ID: CSCue65951