7.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.111 Low
EPSS
Percentile
95.1%
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client’s IP address and the server’s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka “ACS Weak Session Management Vulnerability.”
secunia.com/advisories/20816
securityreason.com/securityalert/1157
securitytracker.com/id?1016369
www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html
www.osvdb.org/26825
www.securityfocus.com/archive/1/438161/100/0/threaded
www.securityfocus.com/archive/1/438258/100/0/threaded
www.securityfocus.com/bid/18621
www.vupen.com/english/advisories/2006/2524
exchange.xforce.ibmcloud.com/vulnerabilities/27328