CVE-2018-0253

CVE-2018-0253

Vendor N/A
Product Cisco Secure Access Control System
Weakness CWE-20 · Input validation
Published May 2, 2018
Last update November 29, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.

Key dates

02Disclosure timeline

May 2, 2018 CVE published
November 29, 2024 Record updated