Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2000-12-11 |
Product | Secure Access Control Server | Last view | 2015-10-30 |
Version | Type | ||
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2015-10-30 | CVE-2015-6349 | Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
4 | 2015-10-30 | CVE-2015-6348 | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. |
4 | 2015-10-30 | CVE-2015-6347 | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. |
4.3 | 2015-10-30 | CVE-2015-6346 | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
6.5 | 2015-10-30 | CVE-2015-6345 | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. |
4 | 2015-09-20 | CVE-2015-6300 | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. |
5 | 2015-05-21 | CVE-2015-0746 | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. |
4.3 | 2015-05-16 | CVE-2015-0729 | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. |
9.3 | 2013-08-29 | CVE-2013-3466 | The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. |
5 | 2012-11-07 | CVE-2012-5424 | Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634. |
7.5 | 2007-01-08 | CVE-2007-0105 | Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. |
10 | 2006-12-31 | CVE-2006-4098 | Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. |
7.8 | 2006-12-31 | CVE-2006-4097 | Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. |
7.5 | 2006-06-26 | CVE-2006-3226 | Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." |
4.3 | 2006-06-20 | CVE-2006-3101 | Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. |
7.2 | 2006-05-09 | CVE-2006-0561 | Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. |
7.5 | 2005-12-22 | CVE-2005-4499 | The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. |
5 | 2005-05-31 | CVE-2005-0356 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. |
10 | 2005-01-10 | CVE-2004-1099 | Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. |
7.5 | 2004-12-31 | CVE-2004-1461 | Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. |
7.5 | 2004-12-31 | CVE-2004-1460 | Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. |
5 | 2004-12-31 | CVE-2004-1458 | The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. |
7.5 | 2003-05-12 | CVE-2003-0210 | Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. |
5 | 2002-10-04 | CVE-2002-1095 | Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. |
7.5 | 2002-10-04 | CVE-2002-0938 | Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
27% (3) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
18% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
18% (2) | CWE-20 | Improper Input Validation |
9% (1) | CWE-287 | Improper Authentication |
9% (1) | CWE-254 | Security Features |
9% (1) | CWE-134 | Uncontrolled Format String |
9% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-18 | Embedding Scripts in Nonscript Elements |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
36126 | Cisco Secure Access Control Server (ACS) CSRadius Service Crafted RADIUS Acco... |
36125 | Cisco Secure Access Control Server (ACS) CSRadius Service Crafted RADIUS Acce... |
32642 | Cisco Secure ACS Crafted HTTP GET Request Remote Overflow |
26825 | Cisco Secure Access Control Server (ACS) Session Management Authentication By... |
26531 | Cisco Secure ACS for Unix LogonProxy.cgi Multiple Parameter XSS |
25892 | Cisco Secure ACS Registry Cleartext Authentication Credential Disclosure |
22193 | Cisco Secure Access Control Server (ACS) RAS/NAS Downloadable IP ACL Disclosure |
16685 | Multiple Vendor Malformed TCP Timestamp DoS |
11379 | Cisco Secure Access Control Server EAP-TLS Authentication Bypass |
9185 | Cisco Secure Access Control Server ACS GUI IP Spoofing Authentication Bypass |
9184 | Cisco Secure Access Control Server NDS Database Blank Password Authentication |
9182 | Cisco Secure Access Control Server CSAdmin Connection Saturation DoS |
8910 | Cisco VPN 3000 Concentrator PPTP No Encryption Option Remote DoS |
7198 | CiscoSecure ACS Server CSAdmin Module Large Packet Overflow |
5352 | CiscoSecure ACS Arbitrary File Access |
5340 | CiscoSecure ACS NDSAuth.DLL NDS Authentication Failure |
5049 | CiscoSecure ACS setup.exe action Parameter XSS |
2062 | CiscoSecure ACS For Windows Format String Overflow |
1570 | CiscoSecure ACS LDAP Null Password Authentication Bypass |
1569 | CiscoSecure ACS Oversized TACACS+ Packet DoS |
1568 | CiscoSecure ACS for Windows CSAdmin Login Overflow DoS |
OpenVAS Exploits
id | Description |
---|---|
2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:15.tcp.asc) File : nvt/freebsdsa_tcp1.nasl |
2005-11-03 | Name : CISCO Secure ACS Management Interface Login Overflow File : nvt/cisco_acs_web_overflow.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2013-A-0167 | Cisco Secure Access Control Server Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0040212 |
2012-B-0113 | Cisco Secure Access Control System (ACS) Authentication Bypass Vulnerability Severity: Category I - VMSKEY: V0034958 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-01 | Cisco Secure Access Control Server cross site scripting attempt RuleID : 43435 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL4743.nasl - Type: ACT_GATHER_INFO |
2013-09-17 | Name: The remote Windows host has an access control application installed that is a... File: cisco_secure_acs_for_windows_sa20130828.nasl - Type: ACT_GATHER_INFO |
2013-07-30 | Name: The remote host is missing a vendor-supplied security patch. File: cisco-sa-20121107-acs.nasl - Type: ACT_GATHER_INFO |
2003-04-30 | Name: Arbitrary code may be executed on the remote host. File: cisco_acs_web_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
2003-03-01 | Name: The remote device is missing a vendor-supplied security patch. File: CSCdt56514.nasl - Type: ACT_GATHER_INFO |
2003-03-01 | Name: The remote device is missing a vendor-supplied security patch. File: CSCdx39981.nasl - Type: ACT_GATHER_INFO |