ID
VAR-201312-0236
CVE
CVE-2013-6695
TITLE
Cisco Secure Access Control System of RBAC Vulnerability in which important information is obtained in the implementation of
Trust: 0.8
sources:
JVNDB: JVNDB-2013-005342
DESCRIPTION
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. Successful exploits will allow attackers to obtain sensitive information. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCuj39274. The system can respectively control network access and network device access through RADIUS and TACACS protocols
Trust: 2.52
sources:
NVD: CVE-2013-6695 //
JVNDB: JVNDB-2013-005342 //
CNVD: CNVD-2013-14842 //
BID: 64049 //
VULHUB: VHN-66697
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2013-14842
AFFECTED PRODUCTS
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | cisco | model: | secure access control system software | scope: | lte | version: | 5.4 (.0.46.3) | Trust: 0.8 |
| vendor: | cisco | model: | secure access control system | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.9 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.8 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.7 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.6 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.5 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.4 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.3 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.2 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.11 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.10 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226.1 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.226 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.144 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.021 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.4.0.46.3 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.4.0.46.2 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.4.0.46.1 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.4 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.6 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.7 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.6 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.5 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.4 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.3 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.2 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40.1 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3.0.40 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.3 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.2 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.1 | Trust: 0.3 |
| vendor: | cisco | model: | secure access control system | scope: | eq | version: | 5.0 | Trust: 0.3 |
sources:
CNVD: CNVD-2013-14842 //
BID: 64049 //
JVNDB: JVNDB-2013-005342 //
CNNVD: CNNVD-201312-026 //
NVD: CVE-2013-6695
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2013-14842 //
VULHUB: VHN-66697 //
JVNDB: JVNDB-2013-005342 //
CNNVD: CNNVD-201312-026 //
NVD: CVE-2013-6695
PROBLEMTYPE DATA
| problemtype: | CWE-264 | Trust: 1.9 |
sources:
VULHUB: VHN-66697 //
JVNDB: JVNDB-2013-005342 //
NVD: CVE-2013-6695
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201312-026
TYPE
permissions and access control
Trust: 0.6
sources:
CNNVD: CNNVD-201312-026
CONFIGURATIONS
sources:
JVNDB: JVNDB-2013-005342
PATCH
| title: | Cisco Secure ACS Unprivileged Support Bundle Download Vulnerability | url: | http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6695 | Trust: 0.8 |
| title: | 31964 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=31964 | Trust: 0.8 |
| title: | Patch for Cisco Secure ACS Unprivileged Supoort-Bundle Download Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/41410 | Trust: 0.6 |
sources:
CNVD: CNVD-2013-14842 //
JVNDB: JVNDB-2013-005342
EXTERNAL IDS
| db: | NVD | id: | CVE-2013-6695 | Trust: 3.4 |
| db: | BID | id: | 64049 | Trust: 1.0 |
| db: | JVNDB | id: | JVNDB-2013-005342 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201312-026 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2013-14842 | Trust: 0.6 |
| db: | CISCO | id: | 20131202 CISCO SECURE ACS UNPRIVILEGED SUPPORT BUNDLE DOWNLOAD VULNERABILITY | Trust: 0.6 |
| db: | VULHUB | id: | VHN-66697 | Trust: 0.1 |
sources:
CNVD: CNVD-2013-14842 //
VULHUB: VHN-66697 //
BID: 64049 //
JVNDB: JVNDB-2013-005342 //
CNNVD: CNNVD-201312-026 //
NVD: CVE-2013-6695
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-6695 | Trust: 2.3 |
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=31964 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6695 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6695 | Trust: 0.8 |
| url: | http://tools.cisco.com/support/bugtoolkit/search/getbugdetails.do?method=fetchbugdetails&bugid=cscuj39274 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
sources:
CNVD: CNVD-2013-14842 //
VULHUB: VHN-66697 //
BID: 64049 //
JVNDB: JVNDB-2013-005342 //
CNNVD: CNNVD-201312-026 //
NVD: CVE-2013-6695
CREDITS
Cisco
Trust: 0.3
sources:
BID: 64049
SOURCES
| db: | CNVD | id: | CNVD-2013-14842 |
| db: | VULHUB | id: | VHN-66697 |
| db: | BID | id: | 64049 |
| db: | JVNDB | id: | JVNDB-2013-005342 |
| db: | CNNVD | id: | CNNVD-201312-026 |
| db: | NVD | id: | CVE-2013-6695 |
LAST UPDATE DATE
2025-04-11T23:02:51.235000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2013-14842 | date: | 2013-12-04T00:00:00 |
| db: | VULHUB | id: | VHN-66697 | date: | 2014-03-04T00:00:00 |
| db: | BID | id: | 64049 | date: | 2013-12-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005342 | date: | 2013-12-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-026 | date: | 2013-12-04T00:00:00 |
| db: | NVD | id: | CVE-2013-6695 | date: | 2025-04-11T00:51:21.963 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2013-14842 | date: | 2013-12-04T00:00:00 |
| db: | VULHUB | id: | VHN-66697 | date: | 2013-12-02T00:00:00 |
| db: | BID | id: | 64049 | date: | 2013-12-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2013-005342 | date: | 2013-12-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201312-026 | date: | 2013-12-04T00:00:00 |
| db: | NVD | id: | CVE-2013-6695 | date: | 2013-12-02T22:55:24.430 |