Details of VAR-201501-0328

ID

VAR-201501-0328

CVE

CVE-2014-8027

TITLE

Cisco Secure Access Control System of RBAC Vulnerability of obtaining network device administrator privileges in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-007555

DESCRIPTION

The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. Cisco Secure Access Control Server is prone to a privilege-escalation vulnerability. A remote attacker can exploit this issue to gain elevated privileges on an affected device. This issue is being tracked by Cisco Bug ID CSCuq79034. RBAC is one of the role-based access control components

Trust: 2.07

sources: NVD: CVE-2014-8027 // JVNDB: JVNDB-2014-007555 // BID: 71944 // VULHUB: VHN-75972 // VULMON: CVE-2014-8027

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control system	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	secure access control system software	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2014-007555 // CNNVD: CNNVD-201501-163 // NVD: CVE-2014-8027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8027
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8027
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201501-163
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-75972
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8027
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8027
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-75972
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-75972 // VULMON: CVE-2014-8027 // JVNDB: JVNDB-2014-007555 // CNNVD: CNNVD-201501-163 // NVD: CVE-2014-8027

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-75972 // JVNDB: JVNDB-2014-007555 // NVD: CVE-2014-8027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-163

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201501-163

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007555

PATCH

title:	Cisco Secure Access Control Server Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8027	Trust: 0.8
title:	Cisco: Cisco Secure Access Control Server Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=Cisco-SA-20150115-CVE-2014-8027	Trust: 0.1

sources: VULMON: CVE-2014-8027 // JVNDB: JVNDB-2014-007555

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8027	Trust: 2.9
db:	BID	id:	71944	Trust: 1.5
db:	SECTRACK	id:	1031516	Trust: 1.2
db:	SECUNIA	id:	62159	Trust: 1.2
db:	JVNDB	id:	JVNDB-2014-007555	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-163	Trust: 0.7
db:	VULHUB	id:	VHN-75972	Trust: 0.1
db:	VULMON	id:	CVE-2014-8027	Trust: 0.1

sources: VULHUB: VHN-75972 // VULMON: CVE-2014-8027 // BID: 71944 // JVNDB: JVNDB-2014-007555 // CNNVD: CNNVD-201501-163 // NVD: CVE-2014-8027

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-8027	Trust: 1.8
url:	http://www.securityfocus.com/bid/71944	Trust: 1.3
url:	http://www.securitytracker.com/id/1031516	Trust: 1.2
url:	http://secunia.com/advisories/62159	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/100558	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8027	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8027	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150115-cve-2014-8027	Trust: 0.1

sources: VULHUB: VHN-75972 // VULMON: CVE-2014-8027 // BID: 71944 // JVNDB: JVNDB-2014-007555 // CNNVD: CNNVD-201501-163 // NVD: CVE-2014-8027

CREDITS

Cisco

Trust: 0.3

sources: BID: 71944

SOURCES

db:	VULHUB	id:	VHN-75972
db:	VULMON	id:	CVE-2014-8027
db:	BID	id:	71944
db:	JVNDB	id:	JVNDB-2014-007555
db:	CNNVD	id:	CNNVD-201501-163
db:	NVD	id:	CVE-2014-8027

LAST UPDATE DATE

2025-04-13T23:22:30.451000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-75972	date:	2017-09-08T00:00:00
db:	VULMON	id:	CVE-2014-8027	date:	2017-09-08T00:00:00
db:	BID	id:	71944	date:	2015-01-21T00:01:00
db:	JVNDB	id:	JVNDB-2014-007555	date:	2015-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201501-163	date:	2015-01-14T00:00:00
db:	NVD	id:	CVE-2014-8027	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-75972	date:	2015-01-09T00:00:00
db:	VULMON	id:	CVE-2014-8027	date:	2015-01-09T00:00:00
db:	BID	id:	71944	date:	2015-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2014-007555	date:	2015-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201501-163	date:	2015-01-09T00:00:00
db:	NVD	id:	CVE-2014-8027	date:	2015-01-09T02:59:03.383