Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2005-05-31 |
| Product | Secure Access Control Server | Last view | 2013-08-29 |
| Version | 2.3.5.1 | Type | Application |
| Update | * | ||
| Edition | unix | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:secure_access_control_server | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.3 | 2013-08-29 | CVE-2013-3466 | The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. |
| 7.5 | 2007-01-08 | CVE-2007-0105 | Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. |
| 7.8 | 2006-12-31 | CVE-2006-4097 | Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. |
| 7.5 | 2005-12-22 | CVE-2005-4499 | The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. |
| 5 | 2005-05-31 | CVE-2005-0356 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-287 | Improper Authentication |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 36125 | Cisco Secure Access Control Server (ACS) CSRadius Service Crafted RADIUS Acce... |
| 32642 | Cisco Secure ACS Crafted HTTP GET Request Remote Overflow |
| 22193 | Cisco Secure Access Control Server (ACS) RAS/NAS Downloadable IP ACL Disclosure |
| 16685 | Multiple Vendor Malformed TCP Timestamp DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-05:15.tcp.asc) File : nvt/freebsdsa_tcp1.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0167 | Cisco Secure Access Control Server Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0040212 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL4743.nasl - Type: ACT_GATHER_INFO |
| 2013-09-17 | Name: The remote Windows host has an access control application installed that is a... File: cisco_secure_acs_for_windows_sa20130828.nasl - Type: ACT_GATHER_INFO |
