34 matches found
Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities Advisory ID: cisco-sa-20080312-ucp http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml Revision 1.0 ============ For Public...
Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Security Agent for Windows System Driver Remote Buffer Overflow Vulnerability Advisory ID: cisco-sa-20071205-csa http://www.cisco.com/warp/public/707/cisco-sa-20071205-csa.shtml Revision 1.0 For Public Release 2007...
CVE-2007-5382
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine WLSE 4.1.91.0 and earlier to Cisco Wireless Control System WCS creates administrator accounts with default usernames and passwords, which allows remote attackers to gain privileges...
Cisco无线控制系统默认管理口令漏洞
BUGTRAQ ID: 26000 Cisco无线控制系统(WCS)是用于管理和控制Cisco统一无线网络的轻量级接入点和无线LAN控制器的集中系统级应用。 WCS在完成转换以后没有正确处理默认的帐号口令,远程攻击者可能利用此漏洞获取非授权访问。 CiscoWorks无线LAN解决方案引擎(WLSE)用户可以使用Cisco提供的转换工具转换到Cisco无线控制系统(WCS),这个转换工具使用默认的凭据创建和使用管理帐号。由于在转换过程中对更改这些凭据没有任何要求,因此攻击者可以利用这些拥有默认凭据的帐号在转换后获得对WCS的完全管理控制。 Cisco Wireless Control...
CiscoWorks Wireless LAN Solution Engine Cisco Wireless Control System Conversion Utility default password
Conversion utility adds default password...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in 1 PreSearch.html and 2 PreSearch.class in Cisco Secure Access Control Server ACS, VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, CallManager, IP Communicator, Unified Video Advantage...
CVE-2007-1467
The CVE-2007-1467 entry describes multiple cross-site scripting (XSS) vulnerabilities affecting Cisco Secure Access Control Server and related Cisco products. The root issue is insufficient input filtering in the search form used by PreSearch.html and PreSearch.class, allowing remote attackers to...
CVE-2006-4097
CVE-2006-4097 concerns the CSRadius service in Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine prior to 4.1. Multiple vulnerabilities in handling RADIUS Access-Request packets can cause the CSRadius process to crash, leading to a remote DoS. The Cisco CERT advisory confirms thes...
CVE-2006-4097
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server ACS for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service crash via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at...
Multiple CiscoWorks Wireless LAN LAN Solution Engine / Cisco User Registration Tool / Cisco Hosting Solution Engine security vulnerabilities
Crossite scripting, command line escape...
Re: Multiple vulnerabilities in Linux based Cisco products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is Cisco PSIRT's response to the privilege escalation vulnerability independently announced by Adam Pointon of Assurance.com.au and Mathieu Pepin of Axen Consulting. We would like to thank both Adam and Mathieu for bringing this issue to our...
CVE-2004-1099
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 are affected when EAP-TLS is enabled. They do not properly handle expired or untrusted certificates, allowing remote attackers to bypass authentication a...
CVE-2004-0391
CVE-2004-0391 affects Cisco WLSE (Wireless LAN Solution Engine) versions 2.0–2.5 and HSE (Hosting Solution Engine) 1.7–1.7.3, which contain a hardcoded username and password. The root cause is hardcoded credentials allowing remote attackers to add new users, modify existing users, and change conf...
Cisco WLSE and HSE devices contain hardcoded username and password
Overview A default account with a common username and password exists in two Cisco products. An attacker with knowledge of this account information can compromise any of these devices on the network. Description A default account with a known, fixed username and password combination exists in som...