CVE-2004-1099

Published: 10/01/2005 Updated: 30/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, do not properly handle expired or untrusted certificates, which allows remote malicious users to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

Vulnerable Product

cisco secure access control server 3.3(1)

cisco secure access control server 3.3.1

cisco secure acs solution engine

Vendor Advisories

A Cisco Secure Access Control Server (ACS) that is configured to use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) to authenticate users to the network will allow access to any user that uses a cryptographically correct certificate as long as the user name is valid. Cryptographically correct means that the certificat ...