CiscoSecure Access Control Server

34 matches found

added 2006/06/21 1:0 a.m. | 150 views

CVE-2006-3101

Cisco Secure ACS for UNIX 2.3 is affected by a cross-site scripting (XSS) vulnerability in LogonProxy.cgi. The issue allows remote attackers to inject arbitrary web script or HTML through the (1) error, (2) SSL, and (3) Ok parameters. This is a client-agnostic web vulnerability in the LogonProxy....

CVSS 4.3 | AI score 5.7 | EPSS 0.23595

added 2005/05/31 4:0 a.m. | 136 views

CVE-2005-0356

CVE-2005-0356 affects F5 BIG-IP LTM 9.0.0–9.0.5; other listed BIG-IP lines are not affected (e.g., 9.1.x, 9.2.x, 9.3.x, 9.4.x, 9.6.x are Not Affected). The issue is described as inadequate validation for TCP segments with PAWS/timestamps, enabling a remote attacker to cause a denial of ser...

CVSS 5 | AI score 6.2 | EPSS 0.83284

added 2005/12/22 11:0 a.m. | 70 views

CVE-2005-4499

CVE-2005-4499 affects Cisco PIX and VPN 3000 concentrators via the Downloadable RADIUS ACLs feature. When an ACL is created on CS ACS, the system generates a random internal name that doubles as a hidden username and password, enabling a remote attacker to sniff the cleartext username from a RADI...

CVSS 7.5 | AI score 7.4 | EPSS 0.01965

added 2015/05/16 2:0 p.m. | 65 views

CVE-2015-0729

Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) is affected by a file-inclusion based XSS vulnerability (Bug ID CSCuu11005). An unauthenticated, remote attacker can inject arbitrary script/HTML via crafted parameters, with exploitation described in Cisco advisory and CVSSv2 bas...

CVSS 4.3 | AI score 5.8 | EPSS 0.0111

added 2013/08/29 10:0 a.m. | 61 views

CVE-2013-3466

Cisco Secure ACS (Windows) 4.x (including 4.0–4.2.1.15) is affected when configured as a RADIUS server. The EAP-FAST authentication module fails to properly parse user identities, allowing remote attackers to send crafted EAP-FAST packets to execute arbitrary commands on the ACS host. The vulnera...

CVSS 9.3 | AI score 8 | EPSS 0.05122

added 2001/01/22 5:0 a.m. | 60 views

CVE-2000-1055

CVE-2000-1055 corresponds to a buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier. The vulnerability can be triggered by processing a large TACACS+ packet, enabling remote attackers to cause a denial of service and potentially execute arbitrary commands. The linked sources (NVD, CVE rec...

CVSS 10 | AI score 8.2 | EPSS 0.04005

added 2001/01/22 5:0 a.m. | 60 views

CVE-2000-1056

CiscoSecure ACS Server 2.4(2) and earlier versions are affected by an LDAP authentication bypass when the LDAP server allows null passwords. The vulnerability allows remote attackers to bypass authentication and access the server, with partial impact to confidentiality, integrity, and availabilit...

CVSS 7.5 | AI score 7.4 | EPSS 0.01692

added 2002/06/25 4:0 a.m. | 57 views

CVE-2002-0160

CVE-2002-0160 affects Cisco Secure Access Control Server (ACS) for Windows, versions 2.6.x and earlier and 3.x through 3.01 (build 40). The vulnerability allows remote attackers to read files (HTML, Java class, images) outside the web root by crafting a modified .... path in the URL aimed at port...

CVSS 5 | AI score 6.6 | EPSS 0.02384

added 2008/09/04 4:0 p.m. | 57 views

CVE-2008-2441

CVE-2008-2441 affects Cisco Secure ACS (CS ACS) for Windows and related ACS products. The vulnerability is triggered by specially crafted EAP-Response packets where the length field exceeds the actual packet length, causing memory/processing errors in CSRadius and CSAuth. This can lead to denial ...

CVSS 7.5 | AI score 7.4 | EPSS 0.02952

added 2015/09/20 2:0 p.m. | 57 views

CVE-2015-6300

CVE-2015-6300 affects Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15). A vulnerability in the SSH feature allows remote authenticated users to cause a denial of service by issuing crafted commands via CLI or GUI, triggering an SSH screen process crash (Bug ID CSCuw24694). The C...

CVSS 4 | AI score 6.5 | EPSS 0.0159

added 2015/10/30 10:0 a.m. | 57 views

CVE-2015-6349

CVE-2015-6349 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) Solution Engine, where the web interface is vulnerable to reflected cross-site scripting due to lack of input validation on user-supplied input. An unauthenticated, remote attacker could exploit a crafted URL to inject arbi...

CVSS 4.3 | AI score 5.7 | EPSS 0.0136

added 2005/02/13 5:0 a.m. | 56 views

CVE-2004-1460

CVE-2004-1460 affects Cisco Secure Access Control Server (ACS) 3.2(3) and earlier. When configured with an anonymous bind in Novell Directory Services (NDS), and authenticating NDS users with NDS, remote attackers can gain unauthorized access to AAA clients by using a blank password. The NVD note...

CVSS 7.5 | AI score 6.8 | EPSS 0.01572

added 2012/11/07 11:0 p.m. | 56 views

CVE-2012-5424

CVE-2012-5424 affects Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7. When configured with LDAP as external identity store and TACACS+ for authentication, the system fails to properly validate the user-supplied password, enabling an unauthenticated...

CVSS 5 | AI score 7.2 | EPSS 0.02452

added 2015/10/30 10:0 a.m. | 56 views

CVE-2015-6348

The CVE-2015-6348 issue affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the report-generation web interface contains RBAC validation weaknesses. An authenticated remote user could access restricted report/status pages via the report-generation web interface, potentially exposing ...

CVSS 4 | AI score 6.4 | EPSS 0.01368

added 2015/10/30 10:0 a.m. | 55 views

CVE-2015-6345

CVE-2015-6345 affects Cisco Secure ACS 5.7(0.15) with the Solution Engine. Root cause: lack of input validation in SQL queries, enabling a remote authenticated attacker to run arbitrary SQL commands via a crafted URL. Impact: partial confidentiality, integrity, and availability. Cisco has publish...

CVSS 6.5 | AI score 8 | EPSS 0.01361

added 2004/09/01 4:0 a.m. | 54 views

CVE-2002-1095

The vulnerability CVE-2002-1095 affects Cisco VPN 3000 Concentrator firmware prior to 2.5.2(F). When encryption is enabled, a remote attacker using a Windows PPTP client with the No Encryption option can trigger a denial of service (reload). The description does not provide additional root-cause ...

CVSS 5 | AI score 6.6 | EPSS 0.01013

added 2015/10/30 10:0 a.m. | 54 views

CVE-2015-6346

CVE-2015-6346 is a cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) web interface, specifically in ACS 5.7(0.15). The root cause, per Cisco’s advisory, is a lack of input validation in DOM handling, enabling a DOM-based XSS when a crafted URL is processed. The ...

CVSS 4.3 | AI score 5.7 | EPSS 0.0136

added 2007/01/09 12:0 a.m. | 53 views

CVE-2007-0105

The CVE-2007-0105 issue affects Cisco Secure Access Control Server (ACS) and ACS Solution Engine prior to version 4.1, where the CSAdmin web server mishandles specially crafted HTTP GET requests, causing a stack-based buffer overflow. This allows a remote attacker to execute arbitrary code or cra...

CVSS 7.5 | AI score 8 | EPSS 0.11017

added 2001/01/22 5:0 a.m. | 50 views

CVE-2000-1054

CVE-2000-1054 affects CiscoSecure ACS Server 2.4(2) and earlier, via the CSAdmin module. A buffer overflow in processing a large packet may allow remote denial of service and possibly arbitrary command execution. The provided documents do not specify mitigation or patch details.

CVSS 10 | AI score 8.2 | EPSS 0.08386

added 2004/12/01 5:0 a.m. | 50 views

CVE-2004-1099

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 are affected when EAP-TLS is enabled. They do not properly handle expired or untrusted certificates, allowing remote attackers to bypass authentication a...

CVSS 10 | AI score 7.1 | EPSS 0.10195

added 2005/02/13 5:0 a.m. | 50 views

CVE-2004-1458

The CVE-2004-1458 entry concerns Cisco Secure Access Control Server (ACS) 3.2(2) build 15, specifically the CSAdmin web administration interface. The vulnerability allows remote attackers to cause a denial of service (hang) by flooding port 2002 with TCP connections. The available documents confi...

CVSS 5 | AI score 6.7 | EPSS 0.01798

added 2002/06/25 4:0 a.m. | 49 views

CVE-2002-0159

The vulnerability CVE-2002-0159 affects Cisco Secure Access Control Server (ACS) for Windows (2.6.x and earlier; 3.x through 3.01 build 40). A format string flaw in the CSADMIN module allows remote attackers to crash the administration function or execute arbitrary code via crafted format strings...

CVSS 7.5 | AI score 7.7 | EPSS 0.05439

added 2003/04/02 5:0 a.m. | 49 views

CVE-2002-0938

CVE-2002-0938 describes a cross-site scripting vulnerability in CiscoSecure ACS 3.0, allowing remote attackers to execute arbitrary scripts or HTML as other web users via the action parameter in a link to setup.exe. The available sources reiterate the same description but do not provide additiona...

CVSS 7.5 | AI score 7.1 | EPSS 0.03061

added 2007/01/08 11:0 p.m. | 49 views

CVE-2006-4098

CVE-2006-4098 describes a stack-based buffer overflow in the CSRadius service of Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine prior to 4.1. A remote attacker who can craft a RADIUS Accounting-Request packet may execute arbitrary code or crash the CSRadius service, ...

CVSS 10 | AI score 8 | EPSS 0.12718

added 2015/10/30 10:0 a.m. | 49 views

CVE-2015-6347

CVE-2015-6347 affects Cisco Secure Access Control Server (ACS) 5.7(0.15) where the Solution Engine allows remote authenticated users to bypass RBAC and create a dashboard or portlet by visiting an unrestricted web page. The root cause is flawed RBAC validation when creating administrative dashboa...

CVSS 4 | AI score 6.4 | EPSS 0.0137

added 2006/06/26 4:0 p.m. | 48 views

CVE-2006-3226

CVE-2006-3226 affects Cisco Secure Access Control Server (ACS) 4.x for Windows. The vulnerability allows bypassing authentication by using the client’s IP address together with the server’s port to gain access to an HTTP server port for an administration session (weak session management). Root ca...

CVSS 7.5 | AI score 7.4 | EPSS 0.02344

added 2003/04/02 5:0 a.m. | 47 views

CVE-2002-0241

The vulnerability CVE-2002-0241 affects Cisco Secure Authentication Control Server (ACS) 3.0.1 via the NDSAuth.DLL, which fails to validate the Expired/Disabled state of NetWare/NDS users. As a result, such accounts could authenticate to the ACS despite being expired or disabled. The issue is cau...

CVSS 7.5 | AI score 6.5 | EPSS 0.01619

added 2005/02/13 5:0 a.m. | 47 views

CVE-2004-1461

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier is vulnerable to an authentication bypass: during GUI login a separate unauthenticated TCP connection is spawned on a random port, and an attacker on the same IP can connect to that port to bypass authentication. This issue is documented...

CVSS 7.5 | AI score 7 | EPSS 0.01679

added 2006/05/09 11:0 p.m. | 47 views

CVE-2006-0561

Cisco Secure ACS for Windows 3.x stores ACS administrator passwords and the master key in the Windows registry with insecure permissions. The master key and encrypted passwords can be decrypted locally (and over the network if remote registry access is enabled) using Microsoft Crypto API function...

CVSS 7.2 | AI score 6.4 | EPSS 0.00361

added 2012/05/02 10:0 a.m. | 47 views

CVE-2011-3293

Cisco ACS 5.2 Solution Engine contains multiple CSRF vulnerabilities that allow an attacker to hijack administrator sessions by submitting requests that insert XSS sequences (Bug ID CSCtr78143). Reported across several sources (NVD, CVE records, PT Security/PT-2011-26) and historically discussed ...

CVSS 6.8 | AI score 6.6 | EPSS 0.01126

added 2015/05/22 12:0 a.m. | 47 views

CVE-2015-0746

Cisco ACS REST API Denial of Service vulnerability (CVE-2015-0746) affects ACS 5.5(0.46.2). A remote attacker can cause API outages by sending large numbers of requests to the REST API (Bug CSCut62022). Affected component is the REST API; root cause described in Cisco advisory. Remediation status...

CVSS 5 | AI score 6.8 | EPSS 0.01242

added 2007/01/08 11:0 p.m. | 46 views

CVE-2006-4097

CVE-2006-4097 concerns the CSRadius service in Cisco Secure ACS for Windows and Cisco Secure ACS Solution Engine prior to 4.1. Multiple vulnerabilities in handling RADIUS Access-Request packets can cause the CSRadius process to crash, leading to a remote DoS. The Cisco CERT advisory confirms thes...

CVSS 7.8 | AI score 7.3 | EPSS 0.04123

added 2012/05/02 10:0 a.m. | 44 views

CVE-2011-3317

Cisco ACS 5.2 Solution Engine has multiple XSS vulnerabilities (CVE-2011-3317) that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID CSCtr78192). Affected product: Cisco Secure Access Control Server (ACS) 5.2. Documented impact: cross-site scripting wi...

CVSS 4.3 | AI score 5.8 | EPSS 0.01148

added 2003/04/26 4:0 a.m. | 42 views

CVE-2003-0210

The CVE-2003-0210 issue is a buffer overflow in Cisco Secure ACS for Windows CSAdmin (web management on port 2002). The root cause is CSAdmin handling a login request with an excessively long user parameter, triggering a buffer overflow that can cause DoS and may allow arbitrary code execution wi...

CVSS 7.5 | AI score 7.9 | EPSS 0.05894