CVE-2015-0580

Name of the Vulnerable Software and Affected Versions Cisco Secure Access Control System (ACS) versions prior to 5.5 patch 7

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests. This is due to multiple SQL injection vulnerabilities in the ACS View reporting interface pages.

Recommendations For versions prior to 5.5 patch 7, update to 5.5 patch 7 or later to resolve the issue. As a temporary workaround, consider restricting access to the ACS View reporting interface to minimize the risk of exploitation.