CVE-2015-6348

The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.

Published: Oct 30, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-6348
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
cisco / secure_access_control_server	5.7.0.15	5.7.0.15.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1
http://www.securitytracker.com/id/1033970

Vulnerability Database

289,689

CVE-2015-6348