Description
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
Vulnerable configurations
Configuration 1
cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*
EPSS: 0.00176 (Low)
Percentile: 39%
CVSS2: 4 Medium
Weaknesses
CWE-264
Related vulnerabilities
github
more than 3 years ago
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
EPSS: 0.00176 (Low)
Percentile: 39%
CVSS2: 4 Medium
Weaknesses
CWE-264