Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cisco Secure Access Control Server (ACS) 3.2(3) and previous versions spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote malicious users to bypass authentication by connecting to that port from the same IP address.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco secure access control server 3.2
cisco secure access control server 3.3
cisco secure access control server 3.2\\(2\\)
cisco secure access control server 3.2\\(3\\)
cisco secure access control server 3.0
cisco secure access control server 3.1
cisco secure access control server 3.3\\(1\\)
cisco secure acs solution engine
cisco secure access control server 3.2\\(1\\)

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router This advisory documents multiple Denial of Service (DoS) an ...

NVD-CWE-Other http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml http://www.securityfocus.com/bid/11047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17118 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040825-acs

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-1461

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect