Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cisco Secure ACS 安全漏洞
Vulnerability Description
Cisco Secure Access Control System(ACS)是美国思科(Cisco)公司的一套安全访问控制系统。该系统可通过RADIUS、TACACS协议分别对网络访问和网络设备访问进行控制。 Cisco Secure ACS的RBAC(role-based access control)代码中存在安全漏洞,该漏洞源于当下载支持包时,程序没有正确检查用户权限。远程经过授权的攻击者可通过下载支持包利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A