Lucene search
HistoryDec 31, 2004 - 5:00 a.m.
CVE-2004-1461
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.3%
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
Affected configurations
Node
ciscosecure_access_control_serverMatch3.0
ORciscosecure_access_control_serverMatch3.1
ORciscosecure_access_control_serverMatch3.2
ORciscosecure_access_control_serverMatch3.2windows_server
ORciscosecure_access_control_serverMatch3.2\(1\)
ORciscosecure_access_control_serverMatch3.2\(2\)
ORciscosecure_access_control_serverMatch3.2\(3\)
ORciscosecure_access_control_serverMatch3.3
ORciscosecure_access_control_serverMatch3.3\(1\)
ORciscosecure_acs_solution_engine
Related
cvelist
cvelist
CVE-2004-1461
2005-02-13 05:00:00
cve
cve
CVE-2004-1461
2005-02-13 05:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco Secure Access Control Server
2004-08-25 16:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
73.3%
Related for NVD:CVE-2004-1461