CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
49.3%
A vulnerability in the firewall modules of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to cause certain internal processes to crash.
The vulnerability is due to improper implementation of the firewall rule to limit incoming packets. An attacker could exploit this vulnerability by flooding the affected service with crafted packets. An exploit could allow the attacker to render some processes nonoperational, resulting in a denial of service (DoS) condition.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_system | any | cpe:2.3:a:cisco:secure_access_control_system:any:*:*:*:*:*:*:* |