Lucene search

[email protected]CVE-2013-3466

HistoryAug 29, 2013 - 12:07 p.m.

CVE-2013-3466

2013-08-2912:07:53

CWE-287

[email protected]

web.nvd.nist.gov

cve-2013-3466

cisco

secure access control server

acs

radius

eap-fast

authentication

remote attack

arbitrary commands

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.

Affected configurations

NVD

Node

ciscosecure_access_control_serverRange≤4.2.1.15.10

ciscosecure_access_control_serverMatch4.2.1.15.0

ciscosecure_access_control_serverMatch4.2.1.15.1

ciscosecure_access_control_serverMatch4.2.1.15.2

ciscosecure_access_control_serverMatch4.2.1.15.3

ciscosecure_access_control_serverMatch4.2.1.15.4

ciscosecure_access_control_serverMatch4.2.1.15.6

ciscosecure_access_control_serverMatch4.2.1.15.7

ciscosecure_access_control_serverMatch4.2.1.15.8

ciscosecure_access_control_serverMatch4.2.1.15.9

CPENameOperatorVersion
cisco:secure_access_control_servercisco secure access control serverle4.2.1.15.10
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.0
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.1
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.2
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.3
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.4
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.6
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.7
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.8
cisco:secure_access_control_servercisco secure access control servereq4.2.1.15.9

CPE	Name	Operator	Version
cisco:secure_access_control_server	cisco secure access control server	le	4.2.1.15.10
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.0
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.1
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.2
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.3
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.4
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.6
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.7
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.8
cisco:secure_access_control_server	cisco secure access control server	eq	4.2.1.15.9