CVE-2015-6348

Published: Oct 30, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

Affected (1)

Products: Cisco: Secure Access Control Server

1 product

Secure Access Control Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server	Version 5.7.0.15

Related CWEs

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1033970

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1033970

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.