Vigil@nce - Cisco Secure ACS: information disclosure via RMI
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use the RMI interface of Cisco
Secure ACS, to read arbitrary files, in order to obtain sensitive
information.
Impacted products: Secure ACS
Severity: 2/4
Creation date: 16/01/2014
DESCRIPTION OF THE VULNERABILITY
An authenticated attacker can use the RMI interface of Cisco
Secure ACS, to read arbitrary files, in order to obtain sensitive
information.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Secure-ACS-information-disclosure-via-RMI-14103