Lucene search

[email protected]CVE-2006-3226

HistoryJun 26, 2006 - 4:05 p.m.

CVE-2006-3226

2006-06-2616:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cisco

acs

weak session management

vulnerability

remote access

authentication bypass

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client’s IP address and the server’s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka “ACS Weak Session Management Vulnerability.”

CPENameOperatorVersion
cisco:secure_access_control_servercisco secure access control servereq4.0.1
cisco:secure_access_control_servercisco secure access control servereq4.0

CPE	Name	Operator	Version
cisco:secure_access_control_server	cisco secure access control server	eq	4.0.1
cisco:secure_access_control_server	cisco secure access control server	eq	4.0

References

secunia.com/advisories/20816

securityreason.com/securityalert/1157

securitytracker.com/id?1016369

www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html

www.osvdb.org/26825

www.securityfocus.com/archive/1/438161/100/0/threaded

www.securityfocus.com/archive/1/438258/100/0/threaded

www.securityfocus.com/bid/18621

www.vupen.com/english/advisories/2006/2524

exchange.xforce.ibmcloud.com/vulnerabilities/27328

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.111 Low

EPSS

Percentile

95.1%

JSON

Related for CVE-2006-3226

cvelist1