CVE-2015-6348

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) version 5.7(0.15)

Description The issue concerns the report-generation web interface in the Solution Engine component, which has inadequate access control restrictions. This allows a remote authenticated user to bypass intended Role-Based Access Control (RBAC) restrictions. By visiting a specific web page, an attacker can read report or status information, potentially including log files and device status details.

Recommendations For Cisco Secure Access Control Server (ACS) version 5.7(0.15), consider restricting access to the report-generation web interface until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.