CyberSec.Space Logo
Back to CVE Browser

CVE-2014-0648

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1020%
EPSS Percentile27.48th
PublishedJan 16, 2014
Last ModifiedApr 29, 2026

Vulnerability Description

The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.

Affected Platforms (CPE)

πŸ“¦
Cisco

Secure Access Control System

<= 5.4.0.46.6
πŸ“¦
Cisco

Secure Access Control System

= 5.1
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.1
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.2
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.3
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.4
πŸ“¦
Cisco

Secure Access Control System

= 5.1.0.44.5
πŸ“¦
Cisco

Secure Access Control System

= 5.2
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26.1
πŸ“¦
Cisco

Secure Access Control System

= 5.2.0.26.2
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.1
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.2
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.3
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.4
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.5
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.6
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.7
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.8
πŸ“¦
Cisco

Secure Access Control System

= 5.3.0.40.9
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.1
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.2
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.3
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.4
πŸ“¦
Cisco

Secure Access Control System

= 5.4.0.46.5

References & Advisories

πŸ”— http://osvdb.org/102117
πŸ”— http://secunia.com/advisories/56213
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140115-csacs
πŸ”— http://tools.cisco.com/security/center/viewAlert.x?alertId=32379
πŸ”— http://www.securityfocus.com/bid/64962
πŸ”— http://www.securitytracker.com/id/1029634
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/90431
πŸ”— http://osvdb.org/102117

Related Vulnerabilities

CVE-2014-065010.0

The web interface in Cisco Secure Access Control System (ACS) 5.x before 5.4 Patch 3 allows remote attackers to execute arbitrary ...

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2010-530810.0

GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proxim...

CVE-2020-119679.8

In IQrouter through 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect ...