ID

VAR-201503-0367


CVE

CVE-2014-2130


TITLE

Cisco Secure Access Control Server Vulnerable to application file and configuration file modification

Trust: 0.8

sources: JVNDB: JVNDB-2014-007956

DESCRIPTION

Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. Cisco Secure Access Control Server is prone to a remote code-execution vulnerability. Remote attackers can exploit this issue to execute arbitrary code or make the ACS web interface unreachable. This issue is being tracked by Cisco Bug ID CSCuj83189.

Trust: 1.98

sources: NVD: CVE-2014-2130 // JVNDB: JVNDB-2014-007956 // BID: 72939 // VULHUB: VHN-70069

AFFECTED PRODUCTS

vendor: cisco, model: secure access control system, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: secure access control system software, scope: eq, version: (acs)

Trust: 0.8

sources: JVNDB: JVNDB-2014-007956 // CNNVD: CNNVD-201503-114 // NVD: CVE-2014-2130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2130
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2130
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201503-114
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70069
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2130
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-70069
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-70069 // JVNDB: JVNDB-2014-007956 // CNNVD: CNNVD-201503-114 // NVD: CVE-2014-2130

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-70069 // JVNDB: JVNDB-2014-007956 // NVD: CVE-2014-2130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-114

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201503-114

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007956

PATCH

title: Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability
url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2130

Trust: 0.8

sources: JVNDB: JVNDB-2014-007956

EXTERNAL IDS

db: NVD, id: CVE-2014-2130

Trust: 2.8

db: SECTRACK, id: 1031844

Trust: 1.1

db: JVNDB, id: JVNDB-2014-007956

Trust: 0.8

db: CNNVD, id: CNNVD-201503-114

Trust: 0.7

db: BID, id: 72939

Trust: 0.4

db: VULHUB, id: VHN-70069

Trust: 0.1

sources: VULHUB: VHN-70069 // BID: 72939 // JVNDB: JVNDB-2014-007956 // CNNVD: CNNVD-201503-114 // NVD: CVE-2014-2130

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-2130

Trust: 1.7

url: http://www.securitytracker.com/id/1031844

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2130

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2130

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-70069 // BID: 72939 // JVNDB: JVNDB-2014-007956 // CNNVD: CNNVD-201503-114 // NVD: CVE-2014-2130

CREDITS

Cisco

Trust: 0.3

sources: BID: 72939

SOURCES

db: VULHUB, id: VHN-70069
db: BID, id: 72939
db: JVNDB, id: JVNDB-2014-007956
db: CNNVD, id: CNNVD-201503-114
db: NVD, id: CVE-2014-2130

LAST UPDATE DATE

2025-04-12T23:34:03.524000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-70069, date: 2015-11-30T00:00:00
db: BID, id: 72939, date: 2015-03-19T09:45:00
db: JVNDB, id: JVNDB-2014-007956, date: 2015-03-09T00:00:00
db: CNNVD, id: CNNVD-201503-114, date: 2015-03-06T00:00:00
db: NVD, id: CVE-2014-2130, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-70069, date: 2015-03-06T00:00:00
db: BID, id: 72939, date: 2015-03-04T00:00:00
db: JVNDB, id: JVNDB-2014-007956, date: 2015-03-09T00:00:00
db: CNNVD, id: CNNVD-201503-114, date: 2015-03-06T00:00:00
db: NVD, id: CVE-2014-2130, date: 2015-03-06T02:59:00.080