cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2018-0414,https://securityvulnerability.io/vulnerability/CVE-2018-0414,Cisco Secure Access Control Server XML External Entity Injection Vulnerability,"A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.",Cisco,Cisco Secure Access Control Server Solution Engine (acse),5.7,MEDIUM,0.0008699999889358878,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0207,https://securityvulnerability.io/vulnerability/CVE-2018-0207,,"A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595.",Cisco,Cisco Secure Access Control Server,3.3,LOW,0.0020000000949949026,false,,false,false,false,,,false,false,,2018-03-08T07:00:00.000Z,0
CVE-2018-0218,https://securityvulnerability.io/vulnerability/CVE-2018-0218,,"A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70616.",Cisco,Cisco Secure Access Control Server,3.3,LOW,0.0020000000949949026,false,,false,false,false,,,false,false,,2018-03-08T07:00:00.000Z,0
CVE-2015-6348,https://securityvulnerability.io/vulnerability/CVE-2015-6348,,"The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.",Cisco,Secure Access Control Server,,,0.0008999999845400453,false,,false,false,false,,,false,false,,2015-10-30T10:00:00.000Z,0
CVE-2015-6347,https://securityvulnerability.io/vulnerability/CVE-2015-6347,,"The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.",Cisco,Secure Access Control Server,,,0.0006799999973736703,false,,false,false,false,,,false,false,,2015-10-30T10:00:00.000Z,0
CVE-2015-6345,https://securityvulnerability.io/vulnerability/CVE-2015-6345,,"SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.",Cisco,Secure Access Control Server,,,0.0009899999713525176,false,,false,false,false,,,false,false,,2015-10-30T10:00:00.000Z,0
CVE-2015-6349,https://securityvulnerability.io/vulnerability/CVE-2015-6349,,Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,Cisco,Secure Access Control Server,,,0.0013500000350177288,false,,false,false,false,,,false,false,,2015-10-30T10:00:00.000Z,0
CVE-2015-6346,https://securityvulnerability.io/vulnerability/CVE-2015-6346,,Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.,Cisco,Secure Access Control Server,,,0.0013500000350177288,false,,false,false,false,,,false,false,,2015-10-30T10:00:00.000Z,0
CVE-2015-6300,https://securityvulnerability.io/vulnerability/CVE-2015-6300,,"Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.",Cisco,Secure Access Control Server,,,0.0007699999841861427,false,,false,false,false,,,false,false,,2015-09-20T14:00:00.000Z,0
CVE-2015-0746,https://securityvulnerability.io/vulnerability/CVE-2015-0746,,"The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.",Cisco,Secure Access Control Server,,,0.001550000044517219,false,,false,false,false,,,false,false,,2015-05-22T00:00:00.000Z,0
CVE-2015-0729,https://securityvulnerability.io/vulnerability/CVE-2015-0729,,"Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.",Cisco,Secure Access Control Server,,,0.0007300000288523734,false,,false,false,false,,,false,false,,2015-05-16T14:00:00.000Z,0
CVE-2015-0700,https://securityvulnerability.io/vulnerability/CVE-2015-0700,,"Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924.",Cisco,Secure Access Control Server Solution Engine,,,0.001120000029914081,false,,false,false,false,,,false,false,,2015-04-17T01:00:00.000Z,0
CVE-2013-3466,https://securityvulnerability.io/vulnerability/CVE-2013-3466,,"The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.",Cisco,Secure Access Control Server,,,0.003370000049471855,false,,false,false,false,,,false,false,,2013-08-29T10:00:00.000Z,0
CVE-2013-3380,https://securityvulnerability.io/vulnerability/CVE-2013-3380,,"The administrative web interface in the Access Control Server in Cisco Secure Access Control System (ACS) does not properly restrict the report view page, which allows remote authenticated users to obtain sensitive information via a direct request, aka Bug ID CSCue79279.",Cisco,Secure Access Control Server Solution Engine,,,0.0010400000028312206,false,,false,false,false,,,false,false,,2013-06-12T03:30:00.000Z,0
CVE-2012-5424,https://securityvulnerability.io/vulnerability/CVE-2012-5424,,"Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.",Cisco,Secure Access Control Server,,,0.004989999812096357,false,,false,false,false,,,false,false,,2012-11-07T23:00:00.000Z,0
CVE-2011-3293,https://securityvulnerability.io/vulnerability/CVE-2011-3293,,"Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.",Cisco,Secure Access Control Server,,,0.0013599999947473407,false,,false,false,false,,,false,false,,2012-05-02T10:00:00.000Z,0
CVE-2011-3317,https://securityvulnerability.io/vulnerability/CVE-2011-3317,,"Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.",Cisco,Secure Access Control Server,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2012-05-02T10:00:00.000Z,0
CVE-2008-2441,https://securityvulnerability.io/vulnerability/CVE-2008-2441,,"Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.",Cisco,"Secure Access Control Server,Secure Acs",,,0.07254000008106232,false,,false,false,false,,,false,false,,2008-09-04T16:00:00.000Z,0
CVE-2007-0105,https://securityvulnerability.io/vulnerability/CVE-2007-0105,,Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.,Cisco,Secure Access Control Server,,,0.09730999916791916,false,,false,false,false,,,false,false,,2007-01-09T00:00:00.000Z,0
CVE-2006-4098,https://securityvulnerability.io/vulnerability/CVE-2006-4098,,Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.,Cisco,Secure Access Control Server,,,0.21014000475406647,false,,false,false,false,,,false,false,,2006-12-31T05:00:00.000Z,0
CVE-2006-4097,https://securityvulnerability.io/vulnerability/CVE-2006-4097,,Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.  NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.,Cisco,Secure Access Control Server,,,0.023360000923275948,false,,false,false,false,,,false,false,,2006-12-31T05:00:00.000Z,0
CVE-2006-3226,https://securityvulnerability.io/vulnerability/CVE-2006-3226,,"Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka ""ACS Weak Session Management Vulnerability.""",Cisco,Secure Access Control Server,,,0.04402000084519386,false,,false,false,false,,,false,false,,2006-06-26T16:00:00.000Z,0
CVE-2006-3101,https://securityvulnerability.io/vulnerability/CVE-2006-3101,,"Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.",Cisco,Secure Access Control Server,,,0.08370000123977661,false,,false,false,false,,,false,false,,2006-06-21T01:00:00.000Z,0
CVE-2006-0561,https://securityvulnerability.io/vulnerability/CVE-2006-0561,,"Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.",Cisco,Secure Access Control Server,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2006-05-10T02:14:00.000Z,0
CVE-2005-4499,https://securityvulnerability.io/vulnerability/CVE-2005-4499,,"The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.",Cisco,"Vpn 3001 Concentrator,Vpn 3015 Concentrator,Vpn 3020 Concentrator,Vpn 3030 Concentator,Vpn 3060 Concentrator,Vpn 3080 Concentrator,Adaptive Security Appliance Software,Vpn 3000 Concentrator Series Software,Vpn 3005 Concentrator Software,Pix Asa Ids,Pix Firewall,Secure Access Control Server,Vpn 3002 Hardware Client,Pix Firewall 501,Pix Firewall 506,Pix Firewall 515,Pix Firewall 515e,Pix Firewall 520,Pix Firewall 525,Pix Firewall 535,Pix Firewall Software",,,0.009530000388622284,false,,false,false,false,,,false,false,,2005-12-22T11:00:00.000Z,0