Lucene search

K
CiscoSecure Access Control Server3.0.1

8 matches found

CVE
CVE
added 2005/05/31 4:0 a.m.114 views

CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they ap...

5CVSS6.2AI score0.86024EPSS
CVE
CVE
added 2005/12/22 11:3 a.m.59 views

CVE-2005-4499

The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges b...

7.5CVSS7.4AI score0.01897EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.44 views

CVE-2002-0160

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a .... (modified ..) in the URL to port 2002.

5CVSS6.6AI score0.00558EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.37 views

CVE-2002-0159

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code vi...

7.5CVSS7.7AI score0.02343EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.35 views

CVE-2002-0241

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

7.5CVSS6.5AI score0.00189EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.34 views

CVE-2002-0938

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.

7.5CVSS7.1AI score0.03109EPSS
CVE
CVE
added 2006/05/10 2:14 a.m.31 views

CVE-2006-0561

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaint...

7.2CVSS6.4AI score0.00049EPSS
CVE
CVE
added 2003/05/12 4:0 a.m.30 views

CVE-2003-0210

Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.

7.5CVSS7.9AI score0.02296EPSS