CVE-2008-0532

2008-03-1420:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0532

cisco

secure access control server

acs

buffer overflow

remote code execution

nvd

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.927 High

EPSS

Percentile

99.0%

JSON

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.

Affected configurations

NVD

Node

ciscoacs_for_windows

ciscoacs_solution_engine

ciscouser_changeable_passwordMatch4.1

CPENameOperatorVersion
cisco:acs_for_windowscisco acs for windowseq*
cisco:acs_solution_enginecisco acs solution engineeq*
cisco:user_changeable_passwordcisco user changeable passwordeq4.1

CPE	Name	Operator	Version
cisco:acs_for_windows	cisco acs for windows	eq	*
cisco:acs_solution_engine	cisco acs solution engine	eq	*
cisco:user_changeable_password	cisco user changeable password	eq	4.1