CVE-2015-6349

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) version 5.7(0.15)

Description The issue exists due to insufficient protection of the web page structure in the Solution Engine component of the Cisco Secure Access Control System. This allows a remote attacker to execute arbitrary web or HTML code using a specially crafted URL. The vulnerability can be exploited to inject arbitrary web script or HTML via a crafted URL, which is a type of cross-site scripting (XSS) attack.

Recommendations For Cisco Secure Access Control Server (ACS) version 5.7(0.15), consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using specially crafted URLs that could exploit the vulnerability.