cvelistv5 - cve-2014-8027

CVE-2014-8027 (GCVE-0-2014-8027)

Vulnerability from cvelistv5 – Published: 2015-01-09 02:00 – Updated: 2024-08-06 13:10

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/71944	vdb-entryx_refsource_BID
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securitytracker.com/id/1031516	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/62159	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.014Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "71944",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71944"
          },
          {
            "name": "20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
          },
          {
            "name": "cisco-secureacs-cve20148027-priv-esc(100558)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
          },
          {
            "name": "1031516",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031516"
          },
          {
            "name": "62159",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62159"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "71944",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71944"
        },
        {
          "name": "20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
        },
        {
          "name": "cisco-secureacs-cve20148027-priv-esc(100558)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
        },
        {
          "name": "1031516",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031516"
        },
        {
          "name": "62159",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62159"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "71944",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71944"
            },
            {
              "name": "20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
            },
            {
              "name": "cisco-secureacs-cve20148027-priv-esc(100558)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
            },
            {
              "name": "1031516",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031516"
            },
            {
              "name": "62159",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62159"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-8027",
    "datePublished": "2015-01-09T02:00:00",
    "dateReserved": "2014-10-08T00:00:00",
    "dateUpdated": "2024-08-06T13:10:50.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"716A2EC7-4A03-4BB9-B787-6DD285E25056\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.\"}, {\"lang\": \"es\", \"value\": \"El componente RBAC en Cisco Secure Access Control System (ACS) permite a usuarios remotos autenticados obtener privilegios de administrador de dispositivos de la red para operaciones de crear, eliminar, leer y actualizar a trav\\u00e9s de solicitudes HTTP manipuladas, tambi\\u00e9n conocido como Bug ID CSCuq79034.\"}]",
      "id": "CVE-2014-8027",
      "lastModified": "2024-11-21T02:18:27.240",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-01-09T02:59:03.383",
      "references": "[{\"url\": \"http://secunia.com/advisories/62159\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/71944\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031516\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100558\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/62159\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/71944\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031516\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/100558\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8027\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-01-09T02:59:03.383\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.\"},{\"lang\":\"es\",\"value\":\"El componente RBAC en Cisco Secure Access Control System (ACS) permite a usuarios remotos autenticados obtener privilegios de administrador de dispositivos de la red para operaciones de crear, eliminar, leer y actualizar a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como Bug ID CSCuq79034.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"716A2EC7-4A03-4BB9-B787-6DD285E25056\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/62159\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71944\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1031516\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100558\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://secunia.com/advisories/62159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/71944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/100558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2014-8027

Vulnerability from fkie_nvd - Published: 2015-01-09 02:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://secunia.com/advisories/62159
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/71944
psirt@cisco.com	http://www.securitytracker.com/id/1031516
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/100558
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/62159
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/71944
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031516
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/100558

Impacted products

	Vendor	Product	Version
	cisco	secure_access_control_system	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "716A2EC7-4A03-4BB9-B787-6DD285E25056",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034."
    },
    {
      "lang": "es",
      "value": "El componente RBAC en Cisco Secure Access Control System (ACS) permite a usuarios remotos autenticados obtener privilegios de administrador de dispositivos de la red para operaciones de crear, eliminar, leer y actualizar a trav\u00e9s de solicitudes HTTP manipuladas, tambi\u00e9n conocido como Bug ID CSCuq79034."
    }
  ],
  "id": "CVE-2014-8027",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-01-09T02:59:03.383",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://secunia.com/advisories/62159"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/71944"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031516"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/62159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201501-0328

Vulnerability from variot - Updated: 2023-12-18 12:38

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. Cisco Secure Access Control Server is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCuq79034. RBAC is one of the role-based access control components

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201501-0328",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure access control system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "secure access control system software",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "71944"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-8027",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-8027",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-75972",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-8027",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201501-163",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-75972",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-8027",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. Cisco Secure Access Control Server is prone to a privilege-escalation vulnerability. \nA remote attacker can exploit this issue to gain elevated privileges on an affected device. \nThis issue is being tracked by Cisco Bug ID CSCuq79034. RBAC is one of the role-based access control components",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "BID",
        "id": "71944"
      },
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8027",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "71944",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1031516",
        "trust": 1.2
      },
      {
        "db": "SECUNIA",
        "id": "62159",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-75972",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "db": "BID",
        "id": "71944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "id": "VAR-201501-0328",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      }
    ],
    "trust": 0.50886658
  },
  "last_update_date": "2023-12-18T12:38:05.984000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco Secure Access Control Server Privilege Escalation Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8027"
      },
      {
        "title": "Cisco: Cisco Secure Access Control Server Privilege Escalation Vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20150115-cve-2014-8027"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8027"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/71944"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1031516"
      },
      {
        "trust": 1.2,
        "url": "http://secunia.com/advisories/62159"
      },
      {
        "trust": 1.2,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8027"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8027"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150115-cve-2014-8027"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "db": "BID",
        "id": "71944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "db": "BID",
        "id": "71944"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "date": "2015-01-08T00:00:00",
        "db": "BID",
        "id": "71944"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "date": "2015-01-09T02:59:03.383000",
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "date": "2015-01-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-75972"
      },
      {
        "date": "2017-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8027"
      },
      {
        "date": "2015-01-21T00:01:00",
        "db": "BID",
        "id": "71944"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      },
      {
        "date": "2017-09-08T01:29:19.793000",
        "db": "NVD",
        "id": "CVE-2014-8027"
      },
      {
        "date": "2015-01-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure Access Control System of  RBAC Vulnerability of obtaining network device administrator privileges in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-007555"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201501-163"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2015-00232

Vulnerability from cnvd - Published: 2015-01-13

Title

Cisco Secure Access Control Server权限提升漏洞

Description

Cisco Secure ACS(Access Control Server)是一种多功能AAA认证服务器。 Cisco Secure Access Control Server存在权限提升漏洞，允许远程认证用户通过制作的HTTP请求获取网络设备管理员权限，可进行创建，删除，读取和更新操作。

Severity

中

Patch Name

Cisco Secure Access Control Server权限提升漏洞的补丁

Patch Description

Cisco Secure ACS(Access Control Server)是一种多功能AAA认证服务器。Cisco Secure Access Control Server存在权限提升漏洞，允许远程认证用户通过制作的HTTP请求获取网络设备管理员权限，可进行创建，删除，读取和更新操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027 http://www.securityfocus.com/bid/71944

Impacted products

Name
Cisco Secure Access Control System (ACS)

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "71944"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8027"
    }
  },
  "description": "Cisco Secure ACS(Access Control Server)\u662f\u4e00\u79cd\u591a\u529f\u80fdAAA\u8ba4\u8bc1\u670d\u52a1\u5668\u3002\r\n\r\nCisco Secure Access Control Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u8ba4\u8bc1\u7528\u6237\u901a\u8fc7\u5236\u4f5c\u7684HTTP\u8bf7\u6c42\u83b7\u53d6\u7f51\u7edc\u8bbe\u5907\u7ba1\u7406\u5458\u6743\u9650\uff0c\u53ef\u8fdb\u884c\u521b\u5efa\uff0c\u5220\u9664\uff0c\u8bfb\u53d6\u548c\u66f4\u65b0\u64cd\u4f5c\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-00232",
  "openTime": "2015-01-13",
  "patchDescription": "Cisco Secure ACS(Access Control Server)\u662f\u4e00\u79cd\u591a\u529f\u80fdAAA\u8ba4\u8bc1\u670d\u52a1\u5668\u3002Cisco Secure Access Control Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u8ba4\u8bc1\u7528\u6237\u901a\u8fc7\u5236\u4f5c\u7684HTTP\u8bf7\u6c42\u83b7\u53d6\u7f51\u7edc\u8bbe\u5907\u7ba1\u7406\u5458\u6743\u9650\uff0c\u53ef\u8fdb\u884c\u521b\u5efa\uff0c\u5220\u9664\uff0c\u8bfb\u53d6\u548c\u66f4\u65b0\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Secure Access Control Server\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Secure Access Control System (ACS)"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027\r\nhttp://www.securityfocus.com/bid/71944",
  "serverity": "\u4e2d",
  "submitTime": "2015-01-12",
  "title": "Cisco Secure Access Control Server\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GSD-2014-8027

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8027

Aliases

CVE-2014-8027

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8027",
    "description": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.",
    "id": "GSD-2014-8027"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8027"
      ],
      "details": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.",
      "id": "GSD-2014-8027",
      "modified": "2023-12-13T01:22:48.997581Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-8027",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "71944",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/71944"
          },
          {
            "name": "20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
          },
          {
            "name": "cisco-secureacs-cve20148027-priv-esc(100558)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
          },
          {
            "name": "1031516",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031516"
          },
          {
            "name": "62159",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/62159"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_system:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-8027"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150108 Cisco Secure Access Control Server Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
            },
            {
              "name": "1031516",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031516"
            },
            {
              "name": "71944",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/71944"
            },
            {
              "name": "62159",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/62159"
            },
            {
              "name": "cisco-secureacs-cve20148027-priv-esc(100558)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-08T01:29Z",
      "publishedDate": "2015-01-09T02:59Z"
    }
  }
}

GHSA-7J69-9XQR-GVQQ

Vulnerability from github – Published: 2022-05-17 01:13 – Updated: 2022-05-17 01:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8027"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-01-09T02:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.",
  "id": "GHSA-7j69-9xqr-gvqq",
  "modified": "2022-05-17T01:13:50Z",
  "published": "2022-05-17T01:13:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8027"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100558"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/62159"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/71944"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031516"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8027 (GCVE-0-2014-8027)

FKIE_CVE-2014-8027

VAR-201501-0328

CNVD-2015-00232

GSD-2014-8027

GHSA-7J69-9XQR-GVQQ

Tags

Sightings

Nomenclature