CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0650

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0210%
EPSS Percentile18.49th
PublishedJan 16, 2014
Last ModifiedApr 29, 2026

Vulnerability Description

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary operating-system commands via a request to this interface, aka Bug ID CSCue65962.

Affected Platforms (CPE)

πŸ“¦
Cisco

Secure Access Control System

<= 5.4.0.46.2
πŸ“¦
Cisco

Secure Access Control System

= 5.1
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.1
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.2
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.3
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.4
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.5
πŸ“¦
Cisco

Secure Access Control System

= 5.2
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26.1
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26.2
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.1
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.2
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.3
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.4
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.5
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.6
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.7
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.8
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.9
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.1

References & Advisories

πŸ”— http://osvdb.org/102115
πŸ”— http://secunia.com/advisories/56213
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
πŸ”— http://tools.cisco.com/security/center/viewAlert.x?alertId=32380
πŸ”— http://www.securityfocus.com/bid/64964
πŸ”— http://www.securitytracker.com/id/1029634
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90432
πŸ”— http://osvdb.org/102115

Related Vulnerabilities

CVE-2014-064810.0

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authoriz...

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2010-530810.0

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proxim...

CVE-2020-119679.8

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect ...