Cisco Secure Access Control System
Recent Cisco Secure Access Control System Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2022-12-15 | Cisco Secure Access Control System Java Deserialization Vulnerability | December 15, 2022 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Secure Access Control System . Secure Access Control System did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 9.80 |
It may take a day or so for new Secure Access Control System vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Secure Access Control System Security Vulnerabilities
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could
CVE-2018-0253
9.8 - Critical
- May 02, 2018
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.
Improper Input Validation
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could
CVE-2018-0147
9.8 - Critical
- March 08, 2018
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.
Marshaling, Unmarshaling
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cisco Secure Access Control System or by Cisco? Click the Watch button to subscribe.
