CVE-2014-8027

Published: Jan 9, 2015Modified: May 6, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.

Affected (1)

Products: Cisco: Secure Access Control System

Cisco

1 product

Secure Access Control System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control System	All versions

Related CWEs

CWE-264

References (10)

http://secunia.com/advisories/62159

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/71944

Source: psirt@cisco.com

http://www.securitytracker.com/id/1031516

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100558

Source: psirt@cisco.com

http://secunia.com/advisories/62159