CVE-2006-3226
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.111 Low
EPSS
Percentile
95.2%
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client’s IP address and the server’s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka “ACS Weak Session Management Vulnerability.”
Affected configurations
References
secunia.com/advisories/20816
securityreason.com/securityalert/1157
securitytracker.com/id?1016369
www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html
www.osvdb.org/26825
www.securityfocus.com/archive/1/438161/100/0/threaded
www.securityfocus.com/archive/1/438258/100/0/threaded
www.securityfocus.com/bid/18621
www.vupen.com/english/advisories/2006/2524
exchange.xforce.ibmcloud.com/vulnerabilities/27328
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7 High
AI Score
Confidence
Low
0.111 Low
EPSS
Percentile
95.2%