Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cisco secure access control server 3.1 vulnerabilities and exploits

(subscribe to this query)
7.2
CVSSv2
CVE-2006-0561
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functi...
Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.1.1Cisco Secure Access Control Server 3.1Cisco Secure Access Control Server 3.2Cisco Secure Access Control Server 3.0.1Cisco Secure Access Control Server 3.0.3Cisco Secure Access Control Server 3.3
10
CVSSv2
CVE-2006-4098
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows prior to 4.1 and ACS Solution Engine prior to 4.1 allows remote malicious users to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.1Cisco Secure Access Control Server 3.2.2Cisco Secure Access Control Server 3.3Cisco Secure Access Control Server 3.2\\(1.20\\)Cisco Secure Access Control Server 3.2\\(2\\)Cisco Secure Access Control Server 4.0Cisco Secure Access Control Server 4.0.1Cisco Secure Access Control Server 3.2\\(3\\)Cisco Secure Access Control Server 3.2.1Cisco Secure Access Control Server 3.2Cisco Secure Access Control Server 3.2\\(1\\)Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Access Control Server 3.3.1Cisco Secure Access Control Server 3.3.2
7.5
CVSSv2
CVE-2004-1460
Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote malicious users to gain unauthorized access to AAA clients via a blank password.
Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.1Cisco Secure Access Control Server 3.2Cisco Secure Acs Solution EngineCisco Secure Access Control Server 3.3Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Access Control Server 3.2\\(1\\)Cisco Secure Access Control Server 3.2\\(2\\)Cisco Secure Access Control Server 3.2\\(3\\)
7.5
CVSSv2
CVE-2004-1461
Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote malicious users to bypass authentication by connecting to that port from the same ...
Cisco Secure Access Control Server 3.2Cisco Secure Access Control Server 3.3Cisco Secure Access Control Server 3.2\\(2\\)Cisco Secure Access Control Server 3.2\\(3\\)Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.1Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Acs Solution EngineCisco Secure Access Control Server 3.2\\(1\\)
5
CVSSv2
CVE-2004-1458
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote malicious users to cause a denial of service (hang) via a flood of TCP connections to port 2002.
Cisco Secure Access Control Server 3.2Cisco Secure Access Control Server 3.3Cisco Secure Access Control Server 3.2\\(3\\)Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.1Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Acs Solution EngineCisco Secure Access Control Server 3.2\\(1\\)Cisco Secure Access Control Server 3.2\\(2\\)
5
CVSSv2
CVE-2005-0356
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote malicious users to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard late...
Cisco Interactive Voice ResponseCisco Ip Contact Center EnterpriseCisco Personal Assistant 1.4\\(2\\)Cisco Emergency Responder 1.1Cisco Intelligent Contact Manager 5.0Cisco Personal Assistant 1.3\\(3\\)Cisco Personal Assistant 1.3\\(4\\)Cisco Personal Assistant 1.4\\(1\\)Cisco Secure Access Control Server 2.3Cisco Secure Access Control Server 2.6Cisco Secure Access Control Server 3.0Cisco Secure Access Control Server 3.2\\(1.20\\)Cisco Secure Access Control Server 3.2\\(2\\)Cisco Agent DesktopCisco E-mail ManagerCisco Personal Assistant 1.3\\(1\\)Cisco Personal Assistant 1.3\\(2\\)Cisco Secure Access Control Server 2.3.5.1Cisco Secure Access Control Server 2.3.6.1Cisco Secure Access Control Server 2.6.3Cisco Secure Access Control Server 2.6.4Cisco Secure Access Control Server 3.1.1
7.5
CVSSv2
CVE-2005-4499
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote malicious u...
Cisco Vpn 3001 ConcentratorCisco Vpn 3015 ConcentratorCisco Vpn 3020 ConcentratorCisco Vpn 3030 ConcentatorCisco Vpn 3060 ConcentratorCisco Vpn 3080 ConcentratorCisco Adaptive Security Appliance Software 7.0Cisco Adaptive Security Appliance Software 7.0\\(4\\)Cisco Adaptive Security Appliance Software 7.0.1.4Cisco Adaptive Security Appliance Software 7.0.4.3Cisco Vpn 3000 Concentrator Series Software 2.0Cisco Vpn 3000 Concentrator Series Software 2.5.2.aCisco Vpn 3000 Concentrator Series Software 2.5.2.bCisco Vpn 3000 Concentrator Series Software 2.5.2.cCisco Vpn 3000 Concentrator Series Software 2.5.2.dCisco Vpn 3000 Concentrator Series Software 2.5.2.fCisco Vpn 3000 Concentrator Series Software 3.0Cisco Vpn 3000 Concentrator Series Software 3.0.3.aCisco Vpn 3000 Concentrator Series Software 3.0.3.bCisco Vpn 3000 Concentrator Series Software 3.0.4Cisco Vpn 3000 Concentrator Series Software 3.1Cisco Vpn 3000 Concentrator Series Software 3.1\\(rel\\)
10
CVSSv2
CVE-2002-0013
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote malicious users to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test...
Snmp Snmp
10
CVSSv2
CVE-2002-0012
Vulnerabilities in a large number of SNMP implementations allow remote malicious users to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into m...
Snmp Snmp
4.3
CVSSv2
CVE-2015-1788
The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL prior to 0.9.8s, 1.0.0 prior to 1.0.0e, 1.0.1 prior to 1.0.1n, and 1.0.2 prior to 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows re...
Openssl OpensslOpenssl Openssl 1.0.1mOpenssl Openssl 1.0.2aOpenssl Openssl 1.0.1jOpenssl Openssl 1.0.0nOpenssl Openssl 1.0.1Openssl Openssl 1.0.0cOpenssl Openssl 1.0.0iOpenssl Openssl 1.0.0Openssl Openssl 1.0.1hOpenssl Openssl 1.0.0mOpenssl Openssl 1.0.1cOpenssl Openssl 1.0.1gOpenssl Openssl 1.0.0hOpenssl Openssl 1.0.0eOpenssl Openssl 1.0.0fOpenssl Openssl 1.0.0dOpenssl Openssl 1.0.0jOpenssl Openssl 1.0.0pOpenssl Openssl 1.0.1aOpenssl Openssl 1.0.0oOpenssl Openssl 1.0.1d
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook