var-201502-0119
Vulnerability from variot

Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq79027. A remote authenticated administrator may be able to execute arbitrary SQL commands via a crafted HTTPS request. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to compromise the application and access or modify data. This issue is tracked by Cisco Bug ID CSCuq79027. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively. Note that the CVSS entries in the record below disagree on the authentication requirement: the NVD vector (AV:N/AC:L/Au:S/C:P/I:P/A:P, base score 6.5) matches the authenticated-administrator precondition stated here, while the CNVD vector (AV:N/AC:L/Au:N/C:C/I:P/A:P, base score 9.0) assumes no authentication.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0119",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure access control system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "5.5.0.46"
      },
      {
        "model": "secure access control system software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "5.5 patch 7"
      },
      {
        "model": "secure access control system",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5.5.0.46"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:secure_access_control_system",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Lukasz Plonka from ING Services Polska",
    "sources": [
      {
        "db": "BID",
        "id": "72576"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0580",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2015-0580",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-01137",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-78526",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-0580",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-0580",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-01137",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201502-265",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78526",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027. The vendor has confirmed this vulnerability and released it as Bug ID CSCuq79027. A remote authenticated administrator may be able to execute arbitrary SQL commands via a crafted HTTPS request. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to compromise the application and access or modify data. \nThis issue is tracked by Cisco Bug ID CSCuq79027. The system controls network access and network device access through the RADIUS and TACACS protocols, respectively.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "BID",
        "id": "72576"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0580",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "72576",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1031740",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "db": "BID",
        "id": "72576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "id": "VAR-201502-0119",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      }
    ],
    "trust": 1.11405407
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:34:59.689000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20150211-csacs",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs"
      },
      {
        "title": "37354",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37354"
      },
      {
        "title": "cisco-sa-20150211-csacs",
        "trust": 0.8,
        "url": "http://www.cisco.com/cisco/web/support/JP/112/1128/1128310_cisco-sa-20150211-csacs-j.html"
      },
      {
        "title": "Patch for Cisco Secure Access Control System SQL Injection Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/55392"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150211-csacs"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/72576"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031740"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100812"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0580"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0580"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/72576/info"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "db": "BID",
        "id": "72576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "db": "BID",
        "id": "72576"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "date": "2015-02-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "date": "2015-02-11T00:00:00",
        "db": "BID",
        "id": "72576"
      },
      {
        "date": "2015-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "date": "2015-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "date": "2015-02-12T01:59:21.593000",
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78526"
      },
      {
        "date": "2015-03-19T08:05:00",
        "db": "BID",
        "id": "72576"
      },
      {
        "date": "2015-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001485"
      },
      {
        "date": "2015-02-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      },
      {
        "date": "2024-11-21T02:23:21.360000",
        "db": "NVD",
        "id": "CVE-2015-0580"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure Access Control System SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01137"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-265"
      }
    ],
    "trust": 0.6
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

