CVE-2014-0678

Published: Jan 25, 2014Modified: Apr 29, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.

Affected (1)

Products: Cisco: Secure Access Control System

Cisco

1 product

Secure Access Control System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control System	All versions

Related CWEs

CWE-264

References (14)

http://osvdb.org/102558

Source: psirt@cisco.com

http://secunia.com/advisories/56540

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0678

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=32567

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/65144

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029688

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/90732

Source: psirt@cisco.com

http://osvdb.org/102558