CVE-2015-6347

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control Server (ACS) version 5.7(0.15)

Description The issue concerns a component of the Cisco Secure Access Control System, specifically the Solution Engine, which has inadequate access restrictions to certain functions. This allows a remote authenticated user to bypass intended Role-Based Access Control (RBAC) restrictions. By visiting a specific web page, an attacker can create a new dashboard or portlet.

Recommendations For Cisco Secure Access Control Server (ACS) version 5.7(0.15), consider restricting access to the Solution Engine component until a patch is available. As a temporary workaround, limit the creation of new dashboards or portlets to authorized personnel only.