Published: 31/12/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote malicious users to bypass authentication by connecting to that port from the same IP address.

Vendor Advisories

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router This advisory documents multiple Denial of Service (DoS) an ...