Vigil@nce - Cisco Secure ACS: privilege escalation via Tomcat
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can use the Tomcat administration
interface of Cisco Secure ACS to escalate their privileges.
Impacted products: Secure ACS
Severity: 2/4
Creation date: 05/03/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco Secure ACS product offers a web service.
However, an authenticated user can access the Tomcat
administration interface.
An authenticated attacker can therefore use the Tomcat
administration interface of Cisco Secure ACS to escalate their
privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Secure-ACS-privilege-escalation-via-Tomcat-16324