Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

secure access control server vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server before 5.8 patch 9 could allow an unauthenticated, remote malicious user to gain read access to certain information in the affected system. The vulnerability is due to improper handling of X...
Cisco Secure Access Control Server Solution Engine 5.8\\(0.8\\)
10
CVSSv2
CVE-2004-1099
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote malicious users t...
Cisco Secure Access Control Server 3.3\\(1\\)Cisco Secure Access Control Server 3.3.1Cisco Secure Acs Solution Engine
5
CVSSv2
CVE-2015-0746
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote malicious users to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
Cisco Secure Access Control Server 5.5\\(0.46.2\\)
5
CVSSv2
CVE-2012-5424
Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote malicious users to bypass authentication by sending a valid ...
Cisco Secure Access Control Server 5.1Cisco Secure Access Control Server 5.2Cisco Secure Access Control Server 5.0Cisco Secure Access Control Server 5.3
6.3
CVSSv2
CVE-2014-0667
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.
Cisco Secure Access Control System -
9.4
CVSSv2
CVE-2005-4332
Cisco Clean Access 3.5.5 and previous versions on the Secure Smart Manager allows remote malicious users to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_actio...
Cisco Network Admission Control Manager And Server System Software 3.3Cisco Network Admission Control Manager And Server System Software 3.3.1Cisco Network Admission Control Manager And Server System Software 3.3.9Cisco Network Admission Control Manager And Server System Software 3.4Cisco Network Admission Control Manager And Server System Software 3.5.1Cisco Network Admission Control Manager And Server System Software 3.5.2Cisco Network Admission Control Manager And Server System Software 3.3.7Cisco Network Admission Control Manager And Server System Software 3.3.8Cisco Network Admission Control Manager And Server System Software 3.4.5Cisco Network Admission Control Manager And Server System Software 3.5Cisco Network Admission Control Manager And Server System Software 3.3.2Cisco Network Admission Control Manager And Server System Software 3.3.3Cisco Network Admission Control Manager And Server System Software 3.4.1Cisco Network Admission Control Manager And Server System Software 3.4.2Cisco Network Admission Control Manager And Server System Software 3.5.3Cisco Network Admission Control Manager And Server System Software 3.5.4Cisco Network Admission Control Manager And Server System Software 3.3.4Cisco Network Admission Control Manager And Server System Software 3.3.5Cisco Network Admission Control Manager And Server System Software 3.3.6Cisco Network Admission Control Manager And Server System Software 3.4.3Cisco Network Admission Control Manager And Server System Software 3.4.4Cisco Network Admission Control Manager And Server System Software 3.5.5
5.7
CVSSv2
CVE-2005-4825
Cisco Clean Access 3.5.5 and previous versions on the Secure Smart Manager allows remote malicious users to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a...
Cisco Network Admission Control Manager And Server System Software 3.5.4Cisco Network Admission Control Manager And Server System Software 3.5Cisco Network Admission Control Manager And Server System Software 3.5\\(9\\)Cisco Network Admission Control Manager And Server System Software 3.5.1Cisco Network Admission Control Manager And Server System Software 3.5.2Cisco Network Admission Control Manager And Server System Software 3.5.3Cisco Network Admission Control Manager And Server System Software 3.5.5
NA
CVE-2022-23854
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Aveva Intouch Access Anywhere 2020Aveva Intouch Access Anywhere
7.2
CVSSv2
CVE-2007-2965
Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and previous versions allows local u...
F-secure F-secure Internet Security 2006F-secure F-secure Internet Security 2007F-secure F-secure Anti-virus Client SecurityF-secure F-secure Anti-virus Linux Client SecurityF-secure F-secure Anti-virus 2007F-secure F-secure Internet Security 2005F-secure F-secure Anti-virusF-secure F-secure Anti-virus Linux Server SecurityF-secure F-secure Protection ServiceF-secure F-secure Anti-virus 2005F-secure F-secure Anti-virus 2006F-secure Internet Gatekeeper
5
CVSSv2
CVE-2001-0748
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote malicious users to read arbitrary files by prepending several / (slash) characters to the URI.
Acme Labs Acme Server 1.7
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook