This page lists publicly disclosed CVE vulnerabilities affecting cisco secure_access_control_system (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2014-0648 | The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187. | [email protected] | 10.0 | 5.93% | 2014-01-16 | 2026-06-16 |
| CVE-2014-0663 | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625. | [email protected] | 4.3 | 1.49% | 2014-01-10 | 2026-06-16 |
| CVE-2013-6974 | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | [email protected] | 4.3 | 1.44% | 2014-01-10 | 2026-06-16 |
| CVE-2013-6695 | The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. | [email protected] | 4.0 | 0.95% | 2013-12-02 | 2026-06-16 |
| CVE-2013-5536 | Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. | [email protected] | 5.0 | 1.50% | 2013-10-24 | 2026-06-16 |
| CVE-2013-5470 | Cisco Secure Access Control System (ACS) does not properly handle requests to read from the TACACS+ socket, which allows remote attackers to cause a denial of service (process crash) via malformed TCP packets, aka Bug ID CSCuh12488. | [email protected] | 5.0 | 1.86% | 2013-09-03 | 2026-06-16 |
| CVE-2013-3428 | The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957. | [email protected] | 4.0 | 0.95% | 2013-07-15 | 2026-06-16 |
| CVE-2013-3424 | Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177. | [email protected] | 6.8 | 1.19% | 2013-07-12 | 2026-06-16 |
| CVE-2013-3423 | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. | [email protected] | 4.3 | 0.93% | 2013-07-12 | 2026-06-16 |
| CVE-2013-3422 | Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. | [email protected] | 4.3 | 0.93% | 2013-07-12 | 2026-06-16 |
| CVE-2013-3421 | Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170. | [email protected] | 4.3 | 0.93% | 2013-07-12 | 2026-06-16 |
| CVE-2013-1200 | Session fixation vulnerability in Cisco Secure Access Control System (ACS) allows remote attackers to hijack web sessions via unspecified vectors, aka Bug ID CSCud95787. | [email protected] | 6.8 | 1.21% | 2013-05-15 | 2026-06-16 |
| CVE-2013-1196 | The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, C | [email protected] | 6.8 | 0.30% | 2013-04-29 | 2026-06-16 |
| CVE-2013-1125 | The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application Networking Manager (ANM), Prime LAN Management Solution (LMS), Prime Network Control System, Quad, Context Directory Agent, Prime Collaboration, Unified Provisioning Manager, and Network Services Manager does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCue46001, CSCud95790, CSCue46021, CSCue46025, CSCue46 | [email protected] | 6.8 | 0.30% | 2013-02-19 | 2026-06-16 |
| CVE-2011-0951 | The web-based management interface in Cisco Secure Access Control System (ACS) 5.1 before 5.1.0.44.6 and 5.2 before 5.2.0.26.3 allows remote attackers to change arbitrary user passwords via unspecified vectors, aka Bug ID CSCtl77440. | [email protected] | 5.0 | 14.64% | 2011-04-04 | 2026-06-16 |