Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Cisco Secure ACS: privilege escalation via Dashboard/Portlet

December 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can bypass restrictions in Dashboard/Portlet of Cisco
Secure ACS, in order to escalate his privileges.

Impacted products: Secure ACS.

Severity: 2/4.

Creation date: 26/10/2015.

DESCRIPTION OF THE VULNERABILITY

The Cisco Secure ACS product uses RBAC (role-based access control).

However, RBAC rules allow the creation of a Dashboard or Portlet.

An authenticated attacker can therefore create a Dashboard/Portlet
on Cisco Secure ACS, in order to escalate his privileges.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Cisco-Secure-ACS-privilege-escalation-via-Dashboard-Portlet-18183


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts