Cisco Bug: CSCuq79034 - ACS Authorization Bypass
Feb 22, 2018
- Cisco Secure Access Control Server Solution Engine
Known Affected Releases
Symptom: A vulnerability in the Role Based Access Control component of Cisco Access Control Server (ACS) could allow an authenticated, remote attacker to exceed their authorization level. The vulnerability is due to improper privilege validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the ACS server. An exploit could allow the attacker to perform Create, Read, Update and Delete operations on any Network Identity Group while holding only the privileges of a Network Device Administrator.

Conditions: Cisco Secure ACS running release 5.5 without patch 7 or Cisco ACS running release 5.6 without patch 2.