Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote malicious users to bypass authentication by connecting to that port from the same IP address.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco secure access control server 3.2 |
||
cisco secure access control server 3.3 |
||
cisco secure access control server 3.2\\(2\\) |
||
cisco secure access control server 3.2\\(3\\) |
||
cisco secure access control server 3.0 |
||
cisco secure access control server 3.1 |
||
cisco secure access control server 3.3\\(1\\) |
||
cisco secure acs solution engine |
||
cisco secure access control server 3.2\\(1\\) |