Sign-up

ID

VAR-201401-0331


CVE

CVE-2014-0667


TITLE

Cisco Secure Access Control System of RMI An arbitrary file read vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-001192

DESCRIPTION

The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. This issue is tracked by Cisco Bug ID CSCud75169. The system can respectively control network access and network device access through RADIUS and TACACS protocols. The vulnerability stems from the fact that the program does not perform authentication operations

Trust: 2.52

sources: NVD: CVE-2014-0667 // JVNDB: JVNDB-2014-001192 // CNVD: CNVD-2014-00479 // BID: 64983 // VULHUB: VHN-68160

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00479

AFFECTED PRODUCTS

vendor:ciscomodel:secure access control systemscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:secure access control system softwarescope:lteversion:5.4(.0.46.3)

Trust: 0.8

vendor:ciscomodel:secure access control systemscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-00479 // JVNDB: JVNDB-2014-001192 // CNNVD: CNNVD-201401-352 // NVD: CVE-2014-0667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0667
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0667
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00479
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-352
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68160
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0667
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00479
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-68160
severity: MEDIUM
baseScore: 6.3
vectorString: AV:N/AC:M/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00479 // VULHUB: VHN-68160 // JVNDB: JVNDB-2014-001192 // CNNVD: CNNVD-201401-352 // NVD: CVE-2014-0667

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-68160 // JVNDB: JVNDB-2014-001192 // NVD: CVE-2014-0667

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-352

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201401-352

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001192

PATCH
title:Cisco Secure ACS RMI Arbitrary File Read Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0667
Trust: 0.8
title:32468url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32468
Trust: 0.8
title:Patch for Cisco Secure ACS RMI Arbitrary File Read Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/42709
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00479 // 
            
            
            
            JVNDB: JVNDB-2014-001192

EXTERNAL IDS
db:NVDid:CVE-2014-0667
Trust: 3.4
db:BIDid:64983
Trust: 2.0
db:SECTRACKid:1029641
Trust: 1.1
db:OSVDBid:102168
Trust: 1.1
db:JVNDBid:JVNDB-2014-001192
Trust: 0.8
db:CNNVDid:CNNVD-201401-352
Trust: 0.7
db:CNVDid:CNVD-2014-00479
Trust: 0.6
db:CISCOid:20140116 CISCO SECURE ACS RMI ARBITRARY FILE READ VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68160
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00479 // 
            
            
            
            VULHUB: VHN-68160 // 
            
            
            
            BID: 64983 // 
            
            
            
            JVNDB: JVNDB-2014-001192 // 
            
            
            
            CNNVD: CNNVD-201401-352 // 
            
            
            
            NVD: CVE-2014-0667

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0667
Trust: 2.3
url:http://www.securityfocus.com/bid/64983
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32468
Trust: 1.1
url:http://osvdb.org/102168
Trust: 1.1
url:http://www.securitytracker.com/id/1029641
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90497
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0667
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0667
Trust: 0.8
url:http://www.cisco.com/en/us/products/sw/secursw/ps2086/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-00479 // 
            
            
            
            VULHUB: VHN-68160 // 
            
            
            
            BID: 64983 // 
            
            
            
            JVNDB: JVNDB-2014-001192 // 
            
            
            
            CNNVD: CNNVD-201401-352 // 
            
            
            
            NVD: CVE-2014-0667

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64983

SOURCES
db:CNVDid:CNVD-2014-00479
db:VULHUBid:VHN-68160
db:BIDid:64983
db:JVNDBid:JVNDB-2014-001192
db:CNNVDid:CNNVD-201401-352
db:NVDid:CVE-2014-0667

LAST UPDATE DATE
2024-11-23T22:59:41.800000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00479date:2014-01-21T00:00:00
db:VULHUBid:VHN-68160date:2017-08-29T00:00:00
db:BIDid:64983date:2014-01-20T08:23:00
db:JVNDBid:JVNDB-2014-001192date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-352date:2014-01-22T00:00:00
db:NVDid:CVE-2014-0667date:2024-11-21T02:02:37.440

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-00479date:2014-01-21T00:00:00
db:VULHUBid:VHN-68160date:2014-01-16T00:00:00
db:BIDid:64983date:2014-01-16T00:00:00
db:JVNDBid:JVNDB-2014-001192date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-352date:2014-01-22T00:00:00
db:NVDid:CVE-2014-0667date:2014-01-16T19:55:04.763