Cisco Secure Access Control System SQLi Vulnerability (cisco-sa-20150211-csacs)

Medium severity, Nessus Plugin ID 81421


The remote host is missing a vendor-supplied security patch.


The version of Cisco Secure Access Control System (ACS) running on the remote host is prior to 5.5 patch 7. It is, therefore, affected by a SQL injection vulnerability because user input to the ACS View reporting interface pages is not properly sanitized. An authenticated, remote attacker, using crafted HTTP requests, can disclose or modify arbitrary data in the ACS View databases by injecting or manipulating SQL queries.


Upgrade to version 5.5 patch 7 or later.

Plugin Details

Severity: Medium

ID: 81421

File Name: cisco-sa-20150211-csacs.nasl

Version: 1.8

Type: local

Family: CISCO

Published: 2/20/2015

Updated: 11/25/2019

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2015-0580

Vulnerability Information

CPE: cpe:/a:cisco:secure_access_control_system

Required KB Items: Host/Cisco/ACS/Version, Host/Cisco/ACS/DisplayVersion

Exploit Ease: No known exploits are available

Patch Publication Date: 11/17/2014

Vulnerability Publication Date: 2/11/2015

Reference Information

CVE: CVE-2015-0580

BID: 72576

CISCO-SA: cisco-sa-20150211-csacs