All the vulnerabilites related to cisco - secure_access_control_server
cve-2005-0356
Vulnerability from cvelistv5
Published
2005-05-31 04:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20635 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/15393 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/637934 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/15417/ | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18662 | third-party-advisory, x_refsource_SECUNIA | |
| ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt | vendor-advisory, x_refsource_SCO | |
| ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc | vendor-advisory, x_refsource_FREEBSD | |
| http://www.securityfocus.com/bid/13676 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/18222 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tcp-ip-timestamp-dos(20635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"name": "15393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15393"
},
{
"name": "VU#637934",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"name": "15417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15417/"
},
{
"name": "18662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18662"
},
{
"name": "SCOSA-2005.64",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"name": "FreeBSD-SA-05:15",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"name": "13676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13676"
},
{
"name": "20050518 Vulnerability in a Variant of the TCP Timestamps Option",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"name": "18222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18222"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0356",
"datePublished": "2005-05-31T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1054
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/1705 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5272 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:36.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1705"
},
{
"name": "ciscosecure-csadmin-bo(5272)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1705"
},
{
"name": "ciscosecure-csadmin-bo(5272)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1705"
},
{
"name": "ciscosecure-csadmin-bo(5272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1054",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:36.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4098
Vulnerability from cvelistv5
Published
2007-01-08 23:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23629 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/21900 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/477164 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31327 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/0068 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1017475 | vdb-entry, x_refsource_SECTRACK | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | vendor-advisory, x_refsource_CISCO | |
| http://osvdb.org/36126 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#477164",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/477164"
},
{
"name": "cisco-acs-csradius-bo(31327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "36126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#477164",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/477164"
},
{
"name": "cisco-acs-csradius-bo(31327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "36126",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#477164",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/477164"
},
{
"name": "cisco-acs-csradius-bo(31327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
},
{
"name": "ADV-2007-0068",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "36126",
"refsource": "OSVDB",
"url": "http://osvdb.org/36126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4098",
"datePublished": "2007-01-08T23:00:00",
"dateReserved": "2006-08-14T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0561
Vulnerability from cvelistv5
Published
2006-05-09 23:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/16743 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt | x_refsource_MISC | |
| http://securitytracker.com/id?1016042 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/25892 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/1741 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26307 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/433286/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/433301/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16743",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16743"
},
{
"name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
},
{
"name": "1016042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016042"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25892"
},
{
"name": "ADV-2006-1741",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1741"
},
{
"name": "cisco-acs-admin-password-disclosure(26307)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
},
{
"name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
},
{
"name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16743",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16743"
},
{
"name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
},
{
"name": "1016042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016042"
},
{
"name": "25892",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25892"
},
{
"name": "ADV-2006-1741",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1741"
},
{
"name": "cisco-acs-admin-password-disclosure(26307)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
},
{
"name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
},
{
"name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16743"
},
{
"name": "20060508 Response to Symantec SYMSA-2006-003 Cisco Secure ACS for Windows - Administrator Password Disclosure",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
},
{
"name": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt",
"refsource": "MISC",
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
},
{
"name": "1016042",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016042"
},
{
"name": "25892",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25892"
},
{
"name": "ADV-2006-1741",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1741"
},
{
"name": "cisco-acs-admin-password-disclosure(26307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
},
{
"name": "20060508 SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
},
{
"name": "20060508 Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0561",
"datePublished": "2006-05-09T23:00:00",
"dateReserved": "2006-02-06T00:00:00",
"dateUpdated": "2024-08-07T16:41:28.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1056
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5274 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/1708 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "ciscosecure-ldap-bypass-authentication(5274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5274"
},
{
"name": "1708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "ciscosecure-ldap-bypass-authentication(5274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5274"
},
{
"name": "1708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "ciscosecure-ldap-bypass-authentication(5274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5274"
},
{
"name": "1708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1056",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0729
Vulnerability from cvelistv5
Published
2015-05-16 14:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=38864 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1032338 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150514 Cisco Access Control Server File Inclusion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38864"
},
{
"name": "1032338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-30T15:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150514 Cisco Access Control Server File Inclusion Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38864"
},
{
"name": "1032338",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150514 Cisco Access Control Server File Inclusion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38864"
},
{
"name": "1032338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0729",
"datePublished": "2015-05-16T14:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0746
Vulnerability from cvelistv5
Published
2015-05-22 00:00
Modified
2024-08-06 04:17
Severity ?
EPSS score ?
Summary
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/viewAlert.x?alertId=38946 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1032387 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:17:32.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150521 Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38946"
},
{
"name": "1032387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-06-02T15:57:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150521 Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38946"
},
{
"name": "1032387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150521 Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38946"
},
{
"name": "1032387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-0746",
"datePublished": "2015-05-22T00:00:00",
"dateReserved": "2015-01-07T00:00:00",
"dateUpdated": "2024-08-06T04:17:32.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1461
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17118 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11047 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscosecure-csadmin-auth-bypass(17118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"
},
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscosecure-csadmin-auth-bypass(17118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"
},
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-csadmin-auth-bypass(17118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"
},
{
"name": "11047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1461",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6345
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033967 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033967",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033967"
},
{
"name": "20151026 Cisco Secure Access Control Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1033967",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033967"
},
{
"name": "20151026 Cisco Secure Access Control Server SQL Injection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033967",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033967"
},
{
"name": "20151026 Cisco Secure Access Control Server SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6345",
"datePublished": "2015-10-30T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1055
Vulnerability from cvelistv5
Published
2001-01-22 05:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5273 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/1706 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/1569 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:36.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscosecure-tacacs-dos(5273)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5273"
},
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1706",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1706"
},
{
"name": "1569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1569"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-09-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscosecure-tacacs-dos(5273)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5273"
},
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1706",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1706"
},
{
"name": "1569",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1569"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-tacacs-dos(5273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5273"
},
{
"name": "20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"name": "1706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1706"
},
{
"name": "1569",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1569"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1055",
"datePublished": "2001-01-22T05:00:00",
"dateReserved": "2000-11-29T00:00:00",
"dateUpdated": "2024-08-08T05:45:36.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3226
Vulnerability from cvelistv5
Published
2006-06-26 16:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016369 | vdb-entry, x_refsource_SECTRACK | |
| http://www.osvdb.org/26825 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/1157 | third-party-advisory, x_refsource_SREASON | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27328 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/2524 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/20816 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/438161/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/18621 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/438258/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:23:21.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016369"
},
{
"name": "26825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26825"
},
{
"name": "1157",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1157"
},
{
"name": "cisco-acs-session-spoofing(27328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
},
{
"name": "ADV-2006-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"name": "20816",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20816"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"name": "18621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18621"
},
{
"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016369",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016369"
},
{
"name": "26825",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26825"
},
{
"name": "1157",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1157"
},
{
"name": "cisco-acs-session-spoofing(27328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
},
{
"name": "ADV-2006-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"name": "20816",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20816"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"name": "18621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18621"
},
{
"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016369"
},
{
"name": "26825",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26825"
},
{
"name": "1157",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1157"
},
{
"name": "cisco-acs-session-spoofing(27328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
},
{
"name": "ADV-2006-2524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"name": "20816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20816"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"name": "18621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18621"
},
{
"name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3226",
"datePublished": "2006-06-26T16:00:00",
"dateReserved": "2006-06-26T00:00:00",
"dateUpdated": "2024-08-07T18:23:21.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-3466
Vulnerability from cvelistv5
Published
2013-08-29 10:00
Modified
2024-08-06 16:07
Severity ?
EPSS score ?
Summary
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1028958 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/96668 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:07:37.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"
},
{
"name": "1028958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028958"
},
{
"name": "96668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96668"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-11T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"
},
{
"name": "1028958",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028958"
},
{
"name": "96668",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96668"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"
},
{
"name": "1028958",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028958"
},
{
"name": "96668",
"refsource": "OSVDB",
"url": "http://osvdb.org/96668"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-3466",
"datePublished": "2013-08-29T10:00:00",
"dateReserved": "2013-05-06T00:00:00",
"dateUpdated": "2024-08-06T16:07:37.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6300
Vulnerability from cvelistv5
Published
2015-09-20 14:00
Modified
2024-08-06 07:15
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033615 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/viewAlert.x?alertId=41087 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:15:13.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033615"
},
{
"name": "20150918 Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41087"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1033615",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033615"
},
{
"name": "20150918 Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41087"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033615",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033615"
},
{
"name": "20150918 Cisco Secure Access Control Server SSH Login Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41087"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6300",
"datePublished": "2015-09-20T14:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:15:13.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6348
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033970 | vdb-entry, x_refsource_SECTRACK | |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1 | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033970"
},
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1033970",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033970"
},
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033970"
},
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6348",
"datePublished": "2015-10-30T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1459
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11047 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17116 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-leap-radius-dos(17116)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-leap-radius-dos(17116)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-leap-radius-dos(17116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1459",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1099
Vulnerability from cvelistv5
Published
2004-12-01 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml | vendor-advisory, x_refsource_CISCO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17936 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/11577 | vdb-entry, x_refsource_BID | |
| http://www.ciac.org/ciac/bulletins/p-028.shtml | third-party-advisory, government-resource, x_refsource_CIAC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041102 Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml"
},
{
"name": "ciscosecure-eaptls-auth-bypass(17936)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17936"
},
{
"name": "11577",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11577"
},
{
"name": "P-028",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-028.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-11-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a \"cryptographically correct\" certificate with valid fields such as the username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041102 Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml"
},
{
"name": "ciscosecure-eaptls-auth-bypass(17936)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17936"
},
{
"name": "11577",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11577"
},
{
"name": "P-028",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-028.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a \"cryptographically correct\" certificate with valid fields such as the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041102 Vulnerability in Cisco Secure Access Control Server EAP-TLS Authentication",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml"
},
{
"name": "ciscosecure-eaptls-auth-bypass(17936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17936"
},
{
"name": "11577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11577"
},
{
"name": "P-028",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-028.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1099",
"datePublished": "2004-12-01T05:00:00",
"dateReserved": "2004-11-30T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1460
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11047 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17117 | vdb-entry, x_refsource_XF | |
| http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-nds-blank-authentication(17117)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17117"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-nds-blank-authentication(17117)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17117"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "ciscosecure-nds-blank-authentication(17117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17117"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1460",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1458
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17114 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/9182 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/12386/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ciac.org/ciac/bulletins/o-203.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.securityfocus.com/bid/11047 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscosecure-csadmin-tcp-dos(17114)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
},
{
"name": "9182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/9182"
},
{
"name": "12386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12386/"
},
{
"name": "O-203",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscosecure-csadmin-tcp-dos(17114)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
},
{
"name": "9182",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/9182"
},
{
"name": "12386",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12386/"
},
{
"name": "O-203",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"name": "11047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-csadmin-tcp-dos(17114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
},
{
"name": "9182",
"refsource": "OSVDB",
"url": "http://osvdb.org/9182"
},
{
"name": "12386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12386/"
},
{
"name": "O-203",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"name": "11047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1458",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0159
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/2062 | vdb-entry, x_refsource_OSVDB | |
| http://www.iss.net/security_center/static/8742.php | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101787248913611&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/4416 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2062",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2062"
},
{
"name": "ciscosecure-acs-format-string(8742)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8742.php"
},
{
"name": "20020403 iXsecurity.20020314.csadmin_fmt.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "4416",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2062",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2062"
},
{
"name": "ciscosecure-acs-format-string(8742)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8742.php"
},
{
"name": "20020403 iXsecurity.20020314.csadmin_fmt.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "4416",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4416"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2062",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2062"
},
{
"name": "ciscosecure-acs-format-string(8742)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8742.php"
},
{
"name": "20020403 iXsecurity.20020314.csadmin_fmt.a",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "4416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4416"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0159",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-27T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0105
Vulnerability from cvelistv5
Published
2007-01-09 00:00
Modified
2024-08-07 12:03
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23629 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/21900 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31323 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2007/0068 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1017475 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/744249 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.osvdb.org/32642 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:03:37.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "cisco-acs-csadmin-bo(31323)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31323"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "VU#744249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/744249"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "32642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "cisco-acs-csadmin-bo(31323)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31323"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "VU#744249",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/744249"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "32642",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "cisco-acs-csadmin-bo(31323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31323"
},
{
"name": "ADV-2007-0068",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "VU#744249",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/744249"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"name": "32642",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0105",
"datePublished": "2007-01-09T00:00:00",
"dateReserved": "2007-01-08T00:00:00",
"dateUpdated": "2024-08-07T12:03:37.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1095
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securityfocus.com/bid/5625 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/10021.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:17.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5625"
},
{
"name": "cisco-vpn-pptp-dos(10021)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10021.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the \"No Encryption\" option set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-01-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5625"
},
{
"name": "cisco-vpn-pptp-dos(10021)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10021.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the \"No Encryption\" option set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"name": "5625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5625"
},
{
"name": "cisco-vpn-pptp-dos(10021)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10021.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1095",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-06T00:00:00",
"dateUpdated": "2024-08-08T03:12:17.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0241
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/8106.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/4048 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:28.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscosecure-nds-authentication(8106)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8106.php"
},
{
"name": "4048",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4048"
},
{
"name": "20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-05-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscosecure-nds-authentication(8106)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8106.php"
},
{
"name": "4048",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4048"
},
{
"name": "20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-nds-authentication(8106)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8106.php"
},
{
"name": "4048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4048"
},
{
"name": "20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0241",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-05-01T00:00:00",
"dateUpdated": "2024-08-08T02:42:28.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3293
Vulnerability from cvelistv5
Published
2012-05-02 10:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/49101 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/53436 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-30T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "49101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-3293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53436"
},
{
"name": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-3293",
"datePublished": "2012-05-02T10:00:00",
"dateReserved": "2011-08-29T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3317
Vulnerability from cvelistv5
Published
2012-05-02 10:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/49101 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/53436 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53436"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-05-30T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "49101",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53436"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-3317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49101"
},
{
"name": "53436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53436"
},
{
"name": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-3317",
"datePublished": "2012-05-02T10:00:00",
"dateReserved": "2011-08-29T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6349
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1 | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033968 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"
},
{
"name": "1033968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"
},
{
"name": "1033968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033968"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151026 Cisco Secure Access Control Server Reflective Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"
},
{
"name": "1033968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033968"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6349",
"datePublished": "2015-10-30T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0210
Vulnerability from cvelistv5
Published
2003-04-26 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=ntbugtraq&m=105118056332344&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://marc.info/?l=bugtraq&m=105120066126196&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.kb.cert.org/vuls/id/697049 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2"
},
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2"
},
{
"name": "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml"
},
{
"name": "VU#697049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/697049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2"
},
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2"
},
{
"name": "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml"
},
{
"name": "VU#697049",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/697049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2"
},
{
"name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2"
},
{
"name": "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml"
},
{
"name": "VU#697049",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0210",
"datePublished": "2003-04-26T04:00:00",
"dateReserved": "2003-04-15T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2441
Vulnerability from cvelistv5
Published
2008-09-04 16:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1020814 | vdb-entry, x_refsource_SECTRACK | |
| http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml | vendor-advisory, x_refsource_CISCO | |
| http://secunia.com/advisories/31731 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/4216 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/archive/1/495937/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/30997 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44871 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020814",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020814"
},
{
"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
},
{
"name": "31731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31731"
},
{
"name": "4216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4216"
},
{
"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
},
{
"name": "30997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30997"
},
{
"name": "cisco-sacs-eap-dos(44871)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020814",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020814"
},
{
"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
},
{
"name": "31731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31731"
},
{
"name": "4216",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4216"
},
{
"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
},
{
"name": "30997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30997"
},
{
"name": "cisco-sacs-eap-dos(44871)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020814",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020814"
},
{
"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
},
{
"name": "31731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31731"
},
{
"name": "4216",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4216"
},
{
"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
},
{
"name": "30997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30997"
},
{
"name": "cisco-sacs-eap-dos(44871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2441",
"datePublished": "2008-09-04T16:00:00",
"dateReserved": "2008-05-27T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3101
Vulnerability from cvelistv5
Published
2006-06-21 01:00
Modified
2024-08-07 18:16
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27166 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/20699 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016317 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/437480/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/18449 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/437441/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/26531 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2006/2384 | vdb-entry, x_refsource_VUPEN | |
| http://securityreason.com/securityalert/1116 | third-party-advisory, x_refsource_SREASON | |
| http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-acs-logonproxy-xss(27166)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
},
{
"name": "20699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20699"
},
{
"name": "1016317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016317"
},
{
"name": "20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
},
{
"name": "18449",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18449"
},
{
"name": "20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
},
{
"name": "26531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26531"
},
{
"name": "ADV-2006-2384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2384"
},
{
"name": "1116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1116"
},
{
"name": "20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-acs-logonproxy-xss(27166)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
},
{
"name": "20699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20699"
},
{
"name": "1016317",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016317"
},
{
"name": "20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
},
{
"name": "18449",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18449"
},
{
"name": "20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
},
{
"name": "26531",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26531"
},
{
"name": "ADV-2006-2384",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2384"
},
{
"name": "1116",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1116"
},
{
"name": "20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-acs-logonproxy-xss(27166)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
},
{
"name": "20699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20699"
},
{
"name": "1016317",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016317"
},
{
"name": "20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
},
{
"name": "18449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18449"
},
{
"name": "20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
},
{
"name": "26531",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26531"
},
{
"name": "ADV-2006-2384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2384"
},
{
"name": "1116",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1116"
},
{
"name": "20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3101",
"datePublished": "2006-06-21T01:00:00",
"dateReserved": "2006-06-20T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5424
Vulnerability from cvelistv5
Published
2012-11-07 23:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs | vendor-advisory, x_refsource_CISCO | |
| http://osvdb.org/87251 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/79860 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/56433 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/51194 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1027733 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20121107 Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs"
},
{
"name": "87251",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87251"
},
{
"name": "cisco-acs-sec-bypass(79860)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79860"
},
{
"name": "56433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56433"
},
{
"name": "51194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51194"
},
{
"name": "1027733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20121107 Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs"
},
{
"name": "87251",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87251"
},
{
"name": "cisco-acs-sec-bypass(79860)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79860"
},
{
"name": "56433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56433"
},
{
"name": "51194",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51194"
},
{
"name": "1027733",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-5424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121107 Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs"
},
{
"name": "87251",
"refsource": "OSVDB",
"url": "http://osvdb.org/87251"
},
{
"name": "cisco-acs-sec-bypass(79860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79860"
},
{
"name": "56433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56433"
},
{
"name": "51194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51194"
},
{
"name": "1027733",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2012-5424",
"datePublished": "2012-11-07T23:00:00",
"dateReserved": "2012-10-17T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0938
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.iss.net/security_center/static/9353.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html | mailing-list, x_refsource_BUGTRAQ | |
| http://online.securityfocus.com/archive/1/278222 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/5026 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.294Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ciscosecure-web-css(9353)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"name": "20020614 XSS in CiscoSecure ACS v3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"name": "20020621 Re: XSS in CiscoSecure ACS v3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"name": "5026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-09-10T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ciscosecure-web-css(9353)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"name": "20020614 XSS in CiscoSecure ACS v3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"name": "20020621 Re: XSS in CiscoSecure ACS v3.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"name": "5026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5026"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-web-css(9353)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"name": "20020614 XSS in CiscoSecure ACS v3.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"name": "20020621 Re: XSS in CiscoSecure ACS v3.0",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"name": "5026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5026"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0938",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-08-16T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0160
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:42
Severity ?
EPSS score ?
Summary
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101786689128667&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.osvdb.org/5352 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:42:27.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020403 iXsecurity.20020316.csadmin_dir.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101786689128667\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "5352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5352"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\\.. (modified ..) in the URL to port 2002."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-05-03T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020403 iXsecurity.20020316.csadmin_dir.a",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101786689128667\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "5352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5352"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\\.. (modified ..) in the URL to port 2002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020403 iXsecurity.20020316.csadmin_dir.a",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101786689128667\u0026w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "5352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5352"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0160",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-03-27T00:00:00",
"dateUpdated": "2024-08-08T02:42:27.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6346
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033969 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss"
},
{
"name": "1033969",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss"
},
{
"name": "1033969",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033969"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151026 Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss"
},
{
"name": "1033969",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033969"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6346",
"datePublished": "2015-10-30T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:20.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4097
Vulnerability from cvelistv5
Published
2007-01-08 23:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31334 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/23629 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/21900 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/443108 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.vupen.com/english/advisories/2007/0068 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1017475 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/36125 | vdb-entry, x_refsource_OSVDB | |
| http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml | vendor-advisory, x_refsource_CISCO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:44.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-acs-csadmin-dos(31334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31334"
},
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#443108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/443108"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "36125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36125"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cisco-acs-csadmin-dos(31334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31334"
},
{
"name": "23629",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#443108",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/443108"
},
{
"name": "ADV-2007-0068",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "36125",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36125"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-acs-csadmin-dos(31334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31334"
},
{
"name": "23629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23629"
},
{
"name": "21900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"name": "VU#443108",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/443108"
},
{
"name": "ADV-2007-0068",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"name": "1017475",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017475"
},
{
"name": "36125",
"refsource": "OSVDB",
"url": "http://osvdb.org/36125"
},
{
"name": "20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4097",
"datePublished": "2007-01-08T23:00:00",
"dateReserved": "2006-08-14T00:00:00",
"dateUpdated": "2024-08-07T18:57:44.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6347
Vulnerability from cvelistv5
Published
2015-10-30 10:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033971 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac"
},
{
"name": "1033971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T21:57:02",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac"
},
{
"name": "1033971",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151026 Cisco Secure Access Control Server Role-Based Access Control URL Lack of Protection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac"
},
{
"name": "1033971",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6347",
"datePublished": "2015-10-30T10:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:20.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4499
Vulnerability from cvelistv5
Published
2005-12-22 11:00
Modified
2024-08-07 23:46
Severity ?
EPSS score ?
Summary
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/420020/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/16025 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml | x_refsource_MISC | |
| http://www.osvdb.org/22193 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/420103/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/18141 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:46:05.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18141"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18141"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
"refsource": "MISC",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18141"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4499",
"datePublished": "2005-12-22T11:00:00",
"dateReserved": "2005-12-22T00:00:00",
"dateUpdated": "2024-08-07T23:46:05.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-05-31 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:agent_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA6F73C-A3F2-460C-8CE5-25F818E39933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:e-mail_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D4288E9F-8010-43F2-AEBE-A048BDA33858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:emergency_responder:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10AFE8CE-EA67-4BC4-93BC-7D5D61D5A7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:intelligent_contact_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67E326AE-12CC-4673-8FE6-7979AD489905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:interactive_voice_response:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35354155-4E01-469B-B947-3947F2490809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ip_contact_center_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4EBA42-D50B-4A72-9D7E-C1387E8F3FF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ip_contact_center_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "768CD80D-9FC2-43E9-AB69-51B403C0AC2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:meetingplace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41EEA208-7F2E-4E01-8C8C-29009161E6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D2B8308C-7C36-48E1-97BC-282908B9A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "29AF8C73-C10F-4873-941B-26C832D854EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8CE1C413-0678-4E9A-AC7F-105538D3C56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.3\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F4ADC051-C35B-4C68-B751-B8A2434A6E79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.4\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "131ABD48-89ED-45B9-865B-20AF3631BA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:personal_assistant:1.4\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0BC18EEF-1DA5-402A-9C22-BCF287F2D501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:remote_monitoring_suite_option:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6DC298-5EC8-4303-A50A-8A22ABB8518E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "22B6CD99-5B21-4961-AD47-B1722E586664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*",
"matchCriteriaId": "7889030E-97F7-4CCD-8050-5250B1F58C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "26B0CB70-CC82-4FF1-882C-0712354DA113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.5.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "543A3774-28EB-406D-830E-957B5E9E7A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.6.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "B0B5C19A-58BB-4A7A-886D-3567B37F466D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "4126D9DE-A75E-4A9E-9DA7-1477D5688872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "0354C50C-4104-4960-B1EE-F212CD3D6AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DE9B81AC-1D16-4FDF-B438-3D3ED2BE9538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8F515D7A-D663-49F0-8F12-1484000505FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A668278F-8080-4295-95EB-88341478D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A66BED35-F385-4A0C-9416-6F007536133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.42:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "5EA57609-522C-4431-92AE-4FF11AA67320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A60B49A7-B569-4485-A6B3-E14B9FB96950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DFFE6A50-B704-42BB-8FFF-27E9F4D3B576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1.20\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0BD6882-379C-4EA7-8E51-124273C5A56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39D3441-C84A-403A-ACB4-8019579EE4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED039B-C3E6-4BC8-A97A-351EC9CEAF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC1B599-05C0-4FB5-A47B-5D858DAB43A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:support_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCEB1D7-38BB-4056-A2A5-8F344048A95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:web_collaboration_option:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF58F1E-ED37-4334-9194-E6FC07C6AB4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hitachi:alaxala:ax:*:*:*:*:*:*:*",
"matchCriteriaId": "811B1CC7-325B-4017-BAA8-2F90BBE50FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14BF1392-C6E2-4946-9B9E-A64BFE7E8057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EA117831-013A-4B62-90EA-9F87D0DBACF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C08E2D6A-1B4C-4BDA-8FF7-8D61A393460E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7E0B10-11E0-44B7-A450-AA5AB058C6C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C9C25529-9048-46E8-8A59-61CAD59C2C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.1\\(3a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "70ADFE52-9C89-4C29-AC74-7F510326F810",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "54CEBAD7-7BDD-44DE-A591-C7EFD4E3F67E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9306CD67-C43D-46F7-B76B-1FA0ACC6135E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:3.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F3D9BE35-E2AA-42A4-BECB-1BD33F2D9F2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:call_manager:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A008ACB8-54DD-4C49-A35D-3FA7D3CBF38F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A6659C2E-691B-47B8-9659-73FF4DEE3C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0317B33-20DC-4E57-8AFC-097FBC6067F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D382C84D-C8F7-4257-B6C6-D00C595F6B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF21240-6275-434F-B7C3-8CC029B9ABA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8934A49D-9ABB-4B49-9B69-615B8CFFAF10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:2.46:*:*:*:*:*:*:*",
"matchCriteriaId": "0E60BDFE-108B-4621-9B02-774AA844407B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "856D99BB-1CB3-4A8D-9752-CC854829C65A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B13E26E7-8284-4B70-B51C-B3B96995094F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2414F807-1EAE-438D-9497-B6259AC1AA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB4D983-658F-4B5F-B136-02A9605DAF4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:unity_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F84D4-B6AC-4BAD-8D9D-B33842FEF9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mgx_8230:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF93667-8DEC-4A3F-836F-51169553A5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mgx_8230:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "81A5B93D-90F2-4133-B9FA-A0E659DD66CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mgx_8250:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "933C2E60-230F-41B2-B978-03BCD9C017B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:mgx_8250:1.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "920C5EDC-003F-4805-97E1-E78AD9DA6A35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_access_control_list_manager:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "826A77B1-76FA-489E-B630-916DE44067D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_access_control_list_manager:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58781C8F-0E66-467E-AF2D-44BE027CF649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "716ABF75-32B2-4E9A-A612-BA06C5C2E17D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3954D0D1-9FDF-47D0-9710-D0FB06955B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "63F8D490-22C8-4638-88D4-7D629D74A68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6712BD-DE8F-40F5-AC74-B9EFE9A50CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_lms:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A81483D4-D1F5-4BDA-975B-5C22D81A6F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_vpn_security_management_solution:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95875913-E9F6-47C4-845C-71F363E515C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:ciscoworks_windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14A49F9C-78F5-4FC6-A8CD-ACA45D689CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.10_\\(05.07\\)s:*:*:*:*:*:*:*",
"matchCriteriaId": "40EA78B8-E97E-4EFF-8A59-3977A48E21E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.20_\\(03.09\\)s:*:*:*:*:*:*:*",
"matchCriteriaId": "8D214E48-0E05-4C82-81E7-8C4FA08DD7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.20_\\(03.10\\)s:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA012F9-EEE5-4085-8EEA-DCF576C09DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.30_\\(00.08\\)s:*:*:*:*:*:*:*",
"matchCriteriaId": "FAD48517-F464-4DDE-9902-1FEAE1A962AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:webns:7.30_\\(00.09\\)s:*:*:*:*:*:*:*",
"matchCriteriaId": "568B63CF-7B0D-45B2-ABC3-C333CF1B66F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:business_communications_manager:200:*:*:*:*:*:*:*",
"matchCriteriaId": "F49ECAF3-0922-4C6B-A991-93504457668A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:business_communications_manager:400:*:*:*:*:*:*:*",
"matchCriteriaId": "E34503FD-5462-4D07-B626-A0061EDB6DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:business_communications_manager:1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2401C82A-BC79-435D-B921-FEE8DD3129C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:callpilot:200i:*:*:*:*:*:*:*",
"matchCriteriaId": "C5AEEAEC-04E3-4AF0-8ECB-59684CBB4D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:callpilot:201i:*:*:*:*:*:*:*",
"matchCriteriaId": "396BD40F-EC2B-4F16-89BA-BCD67D318C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:callpilot:702t:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7D542E-A47B-4B21-8F31-1B4AE50486FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:callpilot:703t:*:*:*:*:*:*:*",
"matchCriteriaId": "68D6193D-F50D-4B86-9F4C-74C74A026176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nortel:contact_center:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81C976A2-0E66-4CDD-B6B7-A93DEDB47754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98FC94DE-BBD2-43C6-9435-0242BA5DCC8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11050:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B327940A-8884-4B45-8981-D1F19A318DCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11150:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D01950-FFD4-4491-9C95-59AE911722F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF28C435-C036-4507-8E3F-44E722F9974A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11501:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD2203A-CE41-4353-A291-AFB117FDDA40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11503:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC289BD9-E1CD-4B22-89B0-D8D525B004A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11506:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74E298BB-ADAA-4AAB-9851-2255FCC42ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:content_services_switch_11800:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B4A3675-9561-434E-A2C0-AF56CBD30560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:7220_wlan_access_point:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4AED72-AD89-4FBB-89F4-1459617B882A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:7250_wlan_access_point:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D5EA867-A9AD-4400-A8F9-CC73C3A311A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:ethernet_routing_switch_1612:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12F5436F-68B2-4A10-87CA-390684FCE921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:ethernet_routing_switch_1624:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83688351-789A-495D-BA97-57FA65E443A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:ethernet_routing_switch_1648:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC7DA7DE-9310-4BB4-941D-01589E8B4853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:optical_metro_5000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3270F2E-A780-4843-B3D1-ED85DC972AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:optical_metro_5100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF6BDE8-C6B5-42DA-B16C-2258D765CB2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:optical_metro_5200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B29C7C-D06E-4E08-88AA-AEDA987B19F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:succession_communication_server_1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A0CB855-CDD4-42B7-9328-64B10F5A3A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:survivable_remote_gateway:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9FED9ED-570F-4050-93E8-2A31E52DCEB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:universal_signaling_point:5200:*:*:*:*:*:*:*",
"matchCriteriaId": "05D8AA04-63A1-46C2-985A-84779FD7971C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:nortel:universal_signaling_point:compact_lite:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B3E8A3-0B7E-46D1-9847-6DC1B498FA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_1105_hosting_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11CED8EB-2292-4F16-8CD4-C3B56D1DF71B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_1105_wireless_lan_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BC9380C-E602-4718-A98B-DA5ACD8AB69B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
"matchCriteriaId": "419D225D-28FD-4D76-ACBF-45EA35B9973E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
"matchCriteriaId": "AF809BC6-93A5-4B1D-BC3C-2A41F32D4A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
"matchCriteriaId": "EED9047B-5AA5-49C1-B8D1-690D505082D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
"matchCriteriaId": "45096D29-930F-4FE0-A23F-8C57BF62567A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
"matchCriteriaId": "AC6393A1-F3A2-4D73-A845-03C9725B91A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ciscoworks_windows_wug:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80FE5EBC-DCD3-4FFA-A120-83DE51E2FA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:conference_connection:1.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "35D53AA4-4E6D-4586-A84A-634C68C0C967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:conference_connection:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38CC94AA-9702-4A7E-82C5-DE06FB7D6631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C496B665-70DA-4B98-A5D1-E2935C0CE840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1F098C1-D09E-49B4-9B51-E84B6C4EA6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34797660-41F5-4358-B70F-2A40DE48F182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "27C9E23D-AB82-4AE1-873E-C5493BB96AA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4054D69F-596F-4EB4-BE9A-E2478343F55A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA26ABBE-9973-45FA-9E9B-82170B751219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7891202C-62AF-4590-9E5F-3514FDA2B38E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8F9B2F-E898-4F87-A245-32A41748587B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "183667CA-6DF1-4BFB-AE32-9ABF55B7283A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBDDEC3F-52EB-4E1E-84C4-B472600059EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B58E02AE-38B4-466E-BF73-2F0B80AF7BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3928D5CF-6FC0-434C-8A80-ABDBF346C2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "314BA420-4C74-4060-8ACE-D7A7C041CF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAD7613-A5B3-4621-B981-290C7C6B8BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1CA3337-9BEE-49C5-9EDE-8CDBE5580537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE38C50A-81FE-412E-9717-3672FAE6A6F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A0A3F7B6-2878-40C0-B59C-EBA8D171D2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "263F3734-7076-4EA8-B4C0-F37CFC4E979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0419DD66-FF66-48BC-AD3B-F6AFD0551E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C3518628-08E5-4AD7-AAF6-A4E38F1CDE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B982342C-1981-4C55-8044-AFE4D87623DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47E02BE6-4800-4940-B269-385B66AC5077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "0EB09993-B837-4352-B09D-3656F62638A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C283AD7-1C58-4CE8-A6CD-502FFE0B18BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0361EA35-FBD7-4E8F-8625-C8100ED7BB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:3.5.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "29EAA113-2404-4ABB-826B-3AA2AA858D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E3F7EB61-55A5-4776-B0E7-3508920A6CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "A442DE97-4485-4D95-B95D-58947585E455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE31DFF8-06AB-489D-A0C5-509C090283B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BE1E3D8-2BB1-4FFA-9BC9-7AF347D26190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"matchCriteriaId": "1E8A6564-129A-4555-A5ED-6F65C56AE7B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"matchCriteriaId": "237174A4-E030-4A0B-AD0B-5C463603EAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49BF03-C25E-4737-84D5-892895C86C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"matchCriteriaId": "5D7F8F11-1869-40E2-8478-28B4E946D3CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2019E0E-426B-43AF-8904-1B811AE171E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"matchCriteriaId": "9062BAB5-D437-49BE-A384-39F62434B70B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
"matchCriteriaId": "3BA1504C-14FE-4C21-A801-944041F2946F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "21B69535-4FB6-4FAD-AAA6-C790FF82EFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "6E53C673-9D6D-42C8-A502-033E1FC28D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "55C5FC1A-1253-4390-A4FC-573BB14EA937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
"matchCriteriaId": "6F4AC452-6042-409D-8673-ACAD108EE3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"matchCriteriaId": "2FE1009B-371A-48E2-A456-935A1F0B7D0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"matchCriteriaId": "C844A170-B5A7-4703-AF3B-67366D44EA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "44308D13-D935-4FF8-AB52-F0E115ED1AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"matchCriteriaId": "3D41CB12-7894-4D25-80EC-23C56171D973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
"matchCriteriaId": "9BCD9C12-EDAB-473F-9CC5-04F06B413720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
"matchCriteriaId": "58EBC5C8-5CA8-4881-A036-179FDEBA3CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"matchCriteriaId": "09789843-6A1A-4CDB-97E8-89E82B79DDB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C001822-FDF8-497C-AC2C-B59A00E9ACD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"matchCriteriaId": "118211EF-CED7-4EB5-9669-F54C8169D4AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
"matchCriteriaId": "58288F0F-B4CE-445C-AD93-DA73E3AD6FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
"matchCriteriaId": "CC96FBA9-6A65-4CC7-BE68-ADAF450ABE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"matchCriteriaId": "9A405AE2-ECC4-4BB0-80DD-4736394FB217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4AB4AD26-6AF2-4F3A-B602-F231FAABA73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B86C77AB-B8FF-4376-9B4E-C88417396F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"matchCriteriaId": "E5612FB0-8403-4A7E-B89A-D7BDFAC00078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
"matchCriteriaId": "FA699BB4-94AA-40E6-A6B6-33E3D416CDA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
"matchCriteriaId": "AFDA151E-E614-4A24-A34D-B6D5309110CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"matchCriteriaId": "A7818E11-1BEB-4DAA-BA7A-A278454BA4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "441BE3A0-20F4-4972-B279-19B3DB5FA14D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "09BFA20B-2F31-4246-8F74-63DF1DB884EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
"matchCriteriaId": "5F3B4BA2-8A61-4F9A-8E46-7FA80E7F5514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"matchCriteriaId": "2D33C6EF-DBE1-4943-83E4-1F10670DAC6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "00EAEA17-033A-4A50-8E39-D61154876D2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "4AE93D3D-34B4-47B7-A784-61F4479FF5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*",
"matchCriteriaId": "E6288144-0CD7-45B6-B5A7-09B1DF14FBE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFD9D1C-A459-47AD-BC62-15631417A32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*",
"matchCriteriaId": "4ECDEC87-0132-46B6-BD9B-A94F9B669EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:release_p8:*:*:*:*:*:*",
"matchCriteriaId": "6E21E50A-A368-4487-A791-87366CC5C86E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*",
"matchCriteriaId": "43E84296-9B5C-4623-A2C4-431D76FC2765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.11:release_p3:*:*:*:*:*:*",
"matchCriteriaId": "E18328E2-3CB5-4D36-8EA3-77DD909B46A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.11:releng:*:*:*:*:*:*",
"matchCriteriaId": "EF73D76B-FBB8-4D10-8393-9FAF53392A4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:4.11:stable:*:*:*:*:*:*",
"matchCriteriaId": "F177AE1C-58C2-4575-807C-ABFFC5119FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "3B13D898-C1B6-44B9-8432-7DDB8A380E9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
"matchCriteriaId": "51A612F6-E4EB-4E34-8F55-79E16C74758E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
"matchCriteriaId": "5C19B266-8FE7-49ED-8678-2D522257491D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EE93350-92E6-4F5C-A14C-9993CFFDBCD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "15C4D826-A419-45F5-B91C-1445DB480916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release:*:*:*:*:*:*",
"matchCriteriaId": "0D9F2B04-A1F2-4788-A53D-C8274A758DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
"matchCriteriaId": "FEC7B38F-C6FB-4213-AE18-2D039A4D8E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "9A5309ED-D84F-4F52-9864-5B0FEEEE5022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7C441E-444B-4DF5-8491-86805C70FB99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:release:*:*:*:*:*:*",
"matchCriteriaId": "C9CCE8F3-84EE-4571-8AAA-BF2D132E9BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.2.1:releng:*:*:*:*:*:*",
"matchCriteriaId": "8E4BC012-ADE4-468F-9A25-261CD8055694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8A80E6A-6502-4A33-83BA-7DCC606D79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:release:*:*:*:*:*:*",
"matchCriteriaId": "0D6428EB-5E1A-41CB-979C-4C9402251D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:releng:*:*:*:*:*:*",
"matchCriteriaId": "2DCA9879-C9F5-475A-8EC9-04D151001C8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.3:stable:*:*:*:*:*:*",
"matchCriteriaId": "0A94132F-4C47-49CC-B03C-8756613E9A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:pre-release:*:*:*:*:*:*",
"matchCriteriaId": "46A60ED5-1D92-4B40-956F-D1801CAB9039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:5.4:release:*:*:*:*:*:*",
"matchCriteriaId": "3F629879-66F0-427B-86D8-D740E0E3F6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"matchCriteriaId": "B95B2BE4-B4E0-4B77-9999-53B9224F5CB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"matchCriteriaId": "B3BBBB2E-1699-4E1E-81BB-7A394DD6B31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"matchCriteriaId": "ADEBB882-1C55-4B7B-B4CF-F1B23502FD90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
"matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
"matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60DA30A1-3360-46BC-85B7-008D535F95BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA33E7E2-DE7B-411E-8991-718DA0988C51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1957B3C0-7F25-469B-BC3F-7B09260837ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC46909F-DDFC-448B-BCDF-1EB343F96630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9496279F-AB43-4B53-81A6-87C651ABC4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA160D4-5CAB-44E7-880A-59DD98FEAD62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:openbsd:openbsd:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D84D7A-EB7C-4196-B8B6-7B703C8055C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:alaxala:alaxala_networks:ax5400s:*:*:*:*:*:*:*",
"matchCriteriaId": "36F8D909-66F0-4D52-B909-12A8F0F57E4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:alaxala:alaxala_networks:ax7800r:*:*:*:*:*:*:*",
"matchCriteriaId": "107670ED-9000-476A-A95E-A5DB1DF5DE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:alaxala:alaxala_networks:ax7800s:*:*:*:*:*:*:*",
"matchCriteriaId": "2513589C-5598-419E-A1CC-1113E8E1ED47",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:aironet_ap1200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E8B5553-7295-4786-9F81-B4527EAD4F0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:aironet_ap350:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF8AA1B-17C3-49E3-BA0F-17FFCE2AAE03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:sn_5420_storage_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67CD39D2-2BD7-475C-99AF-785FC1468268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hitachi:gr3000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE18FB6-E292-47B2-8FA2-74EE122C2B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hitachi:gr4000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D377F14F-44AE-4D74-8C14-BA73AC77FDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:hitachi:gs4000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E0F430E-3C96-4012-8B4B-9DBC7FC2C696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rt105:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DF64DBC-0642-420F-984D-D362BB58543E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rt250i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49D56D5F-5E20-4273-B4BE-D603666B69EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rt300i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04E91CCC-2C87-4821-BECB-CCAA2C02746B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rt57i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E34B7C2B-399B-4892-B715-8ACA3C2FCD39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rtv700:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51AF5618-F041-43F9-B225-ADEAE8379C3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rtx1000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83831044-089B-4BA9-965C-7A5B2CBBACB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rtx1100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52AA01AA-C220-411B-8F96-77FE54EFFAF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rtx1500:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B03C6BB5-8BA2-475C-86FA-69B33BF7B3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:yamaha:rtx2000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9A4B1ED-30F3-477A-8D4E-1342AF8DEB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6576F05C-271D-401F-99BF-54D004B8D9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "718815AE-B1F2-4275-946A-A6FE5D5106C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8702F2BF-7B5B-4692-BEA5-EE86142892B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AE896351-297D-432B-97A5-F5732EC8B419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E4C5D0D3-F5F4-402F-880B-32A07AAA8694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5420_storage_router_firmware:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEA4099-F68F-4542-815F-3716C13EBFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:2-3.3.1-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE654EE-28AF-42D3-A4C9-4BFB7E9D168B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:2-3.3.2-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "89EB3837-6F21-4B2E-BA36-FCCFCAA10F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:2.5.1-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "2A709E73-B933-4F82-B48C-338B391EB779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:3.2.1-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B6E779-3A98-48FE-943F-03F1B461E052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:3.2.2-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "A320E9FF-16C5-4924-81E4-30AB859B5535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:3.3.1-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "106E35AF-5D63-4D94-9B51-853F565B81B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:sn_5428_storage_router:3.3.2-k9:*:*:*:*:*:*:*",
"matchCriteriaId": "64A981F8-A671-48FD-93D8-27D03ED6DA60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04C3A906-6DB7-405A-924B-35D9C53E2453",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ADD5E15-8174-4C87-A8DF-A266B90D0644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63D35C2D-DD83-4337-AEA1-5B7E9D5E2EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DFC90CF-9AAA-4D3E-9F91-1B278EA46E40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DB69D7-AEBB-428F-A229-9132D91342CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A96B67C-DD7B-441D-A18B-59F5680D10AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8D947C-2A9F-47AD-B221-C80107DD341E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "431E7D83-CC65-4A8B-8A3E-5D9C5D6BE406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A49E573B-F732-4F96-B7F2-DE7989D403CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F98E8B40-12E1-4B27-98F3-AF589E516EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8E71C845-F308-4B36-81DD-906F2C5D8226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAE8872-60E7-453E-8C6F-20D970EFAA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96240FCA-244C-40E5-9509-2F79ECF51BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "724E2496-E0D2-47AF-AC30-CC671731A37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A70E46B6-FFE2-47A6-A907-E606E8D16495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8783BBE4-A081-4409-A369-B063C4D73C46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "951A82A0-3C91-4B50-AE4D-929A4EA75F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:f5:tmos:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "38992D08-E1FF-4C89-982E-635C43B5BC2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old."
}
],
"id": "CVE-2005-0356",
"lastModified": "2024-11-20T23:54:57.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-31T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"source": "cret@cert.org",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/15393"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/18222"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/18662"
},
{
"source": "cret@cert.org",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/15417/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/13676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20635"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2\(1\) | |
| cisco | secure_access_control_server | 3.2\(2\) | |
| cisco | secure_access_control_server | 3.2\(3\) | |
| cisco | secure_access_control_server | 3.3 | |
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_acs_solution_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."
}
],
"id": "CVE-2004-1461",
"lastModified": "2024-11-20T23:50:56.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-6346",
"lastModified": "2024-11-21T02:34:49.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-30T10:59:03.603",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033969"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033969"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyeci\u00f3n SQL en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de una URL manipulada, tambi\u00e9n conocida como Bug ID CSCuw24700."
}
],
"id": "CVE-2015-6345",
"lastModified": "2024-11-21T02:34:49.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-30T10:59:02.430",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033967"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-22 11:03
Modified
2024-11-21 00:04
Severity ?
Summary
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:vpn_3001_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "786346D5-13D8-45C9-B91D-C2AACF675377",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A512328-2FD0-4B1D-9327-A13A0BCE9C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3020_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5D50FE2-A4E6-4EF4-A91C-88FB0AF6CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6548F964-B8EE-4B39-87CF-99743D41C42C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E08810E6-33B6-45FF-91C7-EED10DC023EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BD1A1AC-980F-428E-8BAF-0FC821014868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85ED2D96-5CC9-4851-986A-C9ED5E2D96CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AC150564-7413-401A-9DD8-8AD773F1D8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA0DDDD-C987-4DA6-ADEE-77B387C26A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49696766-ECCE-4903-AA54-271EFEA58B8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"matchCriteriaId": "23F8059B-3968-4D63-B1B3-74E545C918D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "701CDA0D-F932-4251-B484-8F20F0AE9003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"matchCriteriaId": "E674AA43-905E-40E0-A70F-77D05C62C18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D767F-7142-46D2-B3E4-7FE8E9E3285A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "057A6BA0-5F5E-4FC4-B2EC-A17968EAC2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AB682-2965-4C8D-B323-AB510E424407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "76F7F019-A0A4-49CD-BB28-24BF7725AC89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "175CD875-3402-4B06-A3FA-7DFFCBB44056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61B8A5-31E7-40F5-8B3D-CA90E50618AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9017BB-5848-4361-ABB9-C69FB3AB90FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"matchCriteriaId": "207034E8-35F7-4E78-A3FC-C86D20EB8D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C544E523-15E5-4CE5-8113-53454F5D9973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09F6EBD-C3FC-4680-BE31-A766D863237D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF8C3FDA-D321-4202-A8EA-6C1464558A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B68705AB-A133-401F-9F41-64594E071816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F9092680-E154-4EAB-A2D5-B692073F894E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8EF5F3FA-5FA4-408E-BA62-3943C5DFD859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFC9764-5BF5-449F-9200-5569C13F8309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F12F2AAC-DB5B-4C28-86C5-F59490362E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "071F52AD-D59B-4673-BCBE-112B94D3EB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "80709CB0-D386-4C4F-B3EE-7A0501FD7248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFAF42-B894-4D62-A9CF-3349A43191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE5BB7F-D8B4-441B-9F45-56F622EEAA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"matchCriteriaId": "8B87A7EC-DC23-4075-8C4A-2317FF34BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"matchCriteriaId": "98AC18E3-D12B-489D-9D95-6C9210235FB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.f:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DB969E-8BE9-46E0-B8AA-5057E320F1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "36291ADE-3D5A-4E49-8BA7-B71CAAA226B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D953DA9F-B54E-4941-85BE-48933C98DB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12E298AD-26AC-4E1D-83D8-5C2016CC6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "590283B1-4965-44D3-A0D4-CD90DD6B2D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "B71DAF71-5763-44D8-AD1E-5ADE8BC15120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.5.b:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA54782-93A8-47BE-863D-89CA3678BF6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.a:*:*:*:*:*:*:*",
"matchCriteriaId": "67F66A10-246D-447B-941F-F1175684F0D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.1.7.b:*:*:*:*:*:*:*",
"matchCriteriaId": "82435757-D892-4298-9176-5EC1FEC93037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A90348C-94E2-4F04-A887-E7EFFC1ACF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5E136E-9215-46A8-A40A-AE964C588A38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17196F00-9D7A-4AF6-AE1E-EA2E450A8ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32200DE2-71BA-417C-AF24-3BE549A68711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3030_concentator:4.7.1.f:*:*:*:*:*:*:*",
"matchCriteriaId": "25F3F37E-4BBD-4A0E-A1DF-64602D75207D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:pix_asa_ids:*:*:*:*:*:*:*:*",
"matchCriteriaId": "701810DC-0A46-4D01-90BD-03AAF277E4DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBC761F-A8F5-4CD8-B19C-5CE8FFC58FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.2.3_\\(110\\):*:*:*:*:*:*:*",
"matchCriteriaId": "900DC321-4CEF-4810-8247-B82FE93F48BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:pix_firewall:6.3.3_\\(133\\):*:*:*:*:*:*:*",
"matchCriteriaId": "422F8E64-2376-4E82-A1A2-916BFB7172AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE5C8F8B-4F20-4635-81FF-92F144F43793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.0:*:unix:*:*:*:*:*",
"matchCriteriaId": "22B6CD99-5B21-4961-AD47-B1722E586664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*",
"matchCriteriaId": "7889030E-97F7-4CCD-8050-5250B1F58C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "26B0CB70-CC82-4FF1-882C-0712354DA113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.5.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "543A3774-28EB-406D-830E-957B5E9E7A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3.6.1:*:unix:*:*:*:*:*",
"matchCriteriaId": "B0B5C19A-58BB-4A7A-886D-3567B37F466D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "4126D9DE-A75E-4A9E-9DA7-1477D5688872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "0354C50C-4104-4960-B1EE-F212CD3D6AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DE9B81AC-1D16-4FDF-B438-3D3ED2BE9538",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8F515D7A-D663-49F0-8F12-1484000505FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A668278F-8080-4295-95EB-88341478D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A66BED35-F385-4A0C-9416-6F007536133E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.42:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "5EA57609-522C-4431-92AE-4FF11AA67320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A60B49A7-B569-4485-A6B3-E14B9FB96950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DFFE6A50-B704-42BB-8FFF-27E9F4D3B576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1.20\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0BD6882-379C-4EA7-8E51-124273C5A56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39D3441-C84A-403A-ACB4-8019579EE4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED039B-C3E6-4BC8-A97A-351EC9CEAF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC1B599-05C0-4FB5-A47B-5D858DAB43A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_501:*:*:*:*:*:*:*:*",
"matchCriteriaId": "151D5A44-2D0D-478A-B011-A0892817B814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_506:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E346F334-9BA3-4BDC-8D0F-D749A7D76E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EE5C14-F556-48A5-BB3F-5465DC823B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_515e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "286199EA-71CF-46B4-9131-F1752C2EA82D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_520:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32E437F4-1B19-4B57-9EAD-3AC04717E389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_525:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29B2019F-DF6E-4924-B0D2-37094B5265F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:pix_firewall_535:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9600B7CF-4AEB-4319-8EF4-4FEA40EF6367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C5A417-C48D-4799-A766-7B231ADF27C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "026A2C0D-AD93-49DC-AF72-8C12AD565B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "920FAF7C-2964-497B-B1F8-3B060AAB4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D499F38-A34C-44D0-A061-C3AE08CF178B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63E564B5-A39F-4837-93B8-1331CD975D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1EEDB9DD-C862-4783-9F96-88836424B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.1\\(6b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3BD36C4A-4B90-4012-B4A5-6081C413E302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C39A993C-5A36-4D3F-B8B6-9B3252713127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B1C4F7D5-DCD0-409C-86BF-A96A5253DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8198D129-76D0-4983-BFC4-8EC724FE1B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "6BEECFAA-9DD5-4950-B9F1-CF8582225314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "49566EAC-05AF-4880-8000-351AF538E4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "23E9FBEE-3213-47FA-8CBA-C285533265FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "118CBF59-DAD8-468E-B279-F6359E4624F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(7.202\\):*:*:*:*:*:*:*",
"matchCriteriaId": "957E6F8F-6881-44DE-A687-9D1E0C13F6CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:4.4\\(8\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E56328FE-F499-4325-AFEC-45BFEAB7662D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AA2E425-904C-4070-8F5F-B81BCF3147F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "604CF950-5D4B-4DC6-819E-0528B22CB05C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E12887E5-A2BB-4B1E-9621-2961458BCE21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3B5BE2F7-687C-477B-818B-A102526DF36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "999A0969-60EB-4B2E-A274-9F05D9F840E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "626E41D2-A5EF-493D-9486-3D9BC3793EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBA31E4D-2215-4E4A-BCCC-B3D922CB752D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4F16AD2C-1CC1-43D9-A944-F67071B62E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A42FFBF7-9ADB-4F14-BED8-F2E53BEE7B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D16481-CA9A-4B4D-AC9D-3A4F0387FF19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"matchCriteriaId": "56E4588E-6C1F-4720-8082-0EF299435CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D24E0E92-59D7-4B16-8B0D-2FD0EE821D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED24C763-7558-4AC0-AE10-FDA3D3078D27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4CC85ED3-B598-4A87-A2B8-8D3B52ECC2F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C84CE24E-4ED6-43D0-A234-FBD24D22A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF84B9FE-7C6C-4578-A5A9-EF0D5EEEEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "72C3E2B4-3A36-44B5-90D3-1BF9FAD98579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58BE9C02-2A01-4F6F-A6BD-BC0173561E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C558CED8-8342-46CB-9F52-580B626D320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0F85D19E-6C26-429D-B876-F34238B9DAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FEC7CCF7-CBC6-4EDC-8EDD-884DFFFBCC7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E5011A33-CD6D-4EFC-ACFD-E51C9AE726A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"matchCriteriaId": "09063867-0E64-4630-B35B-4CCA348E4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78F98CD7-A352-483C-9968-8FB2627A7CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F97FE485-705F-4707-B6C6-0EF9E8A85D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E2B925E8-D2C2-4E8C-AC21-0C422245C482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B9170562-872E-4C32-869C-B10FF35A925E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D0927A68-8BB2-4F03-8396-E9CACC158FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "559DDBA3-2AF4-4A0C-B219-6779BA931F21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.1.5\\(104\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F76AED68-8304-4BC6-9D98-64231B08A6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9D142A-DDC8-4BD6-8C22-F242C9C0B1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5226C9CC-6933-4F10-B426-B47782C606FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "757DAE9A-B25D-4B8A-A41B-66C2897B537E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E3DC170-E279-4725-B9EE-6840B5685CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"matchCriteriaId": "8091EDA9-BD18-47F7-8CEC-E086238647C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F867890-74A4-4892-B99A-27DB4603B873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CE05B514-F094-4632-B25B-973F976F6409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3392428D-1A85-4472-A276-C482A78E2CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0D74D2C-662B-4D24-89EE-3DB73F96BBF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"matchCriteriaId": "40954985-16E6-4F37-B014-6A55166AE093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.109\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0C097809-1FEF-4417-A201-42291CC29122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5E6D5FD3-CF95-4A3B-9ADB-CEC77F73CA78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
],
"id": "CVE-2005-4499",
"lastModified": "2024-11-21T00:04:24.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-22T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18141"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22193"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2\(1\) | |
| cisco | secure_access_control_server | 3.2\(2\) | |
| cisco | secure_access_control_server | 3.2\(3\) | |
| cisco | secure_access_control_server | 3.3 | |
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_acs_solution_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002."
}
],
"id": "CVE-2004-1458",
"lastModified": "2024-11-20T23:50:55.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/9182"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/12386/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/9182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/12386/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2\(1\) | |
| cisco | secure_access_control_server | 3.2\(2\) | |
| cisco | secure_access_control_server | 3.2\(3\) | |
| cisco | secure_access_control_server | 3.3 | |
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_acs_solution_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests."
}
],
"id": "CVE-2004-1459",
"lastModified": "2024-11-20T23:50:56.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.6 | |
| cisco | secure_access_control_server | 2.6.2 | |
| cisco | secure_access_control_server | 2.6.3 | |
| cisco | secure_access_control_server | 2.6.4 | |
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F4B3B8-7775-444B-AAC7-E330F03697B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAC040-ACC5-4837-808A-DBBBBE2C8EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "840AFC20-FFD8-4FE0-BACC-8201848D6BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B14A32F-622D-48D5-A0D4-0B3C165185DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84213205-06FB-4454-928A-CC7673F8020B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en la funci\u00f3n de administraci\u00f3n de Cisco Secure Access Control Server (ACS) para Windows, 2.6.x y anteriores y 3.x a 3.01 (build 40), permite a atacantes remotos hacer caer (crash) el m\u00f3dulo CSADMIN, denegando el sevicio de administraci\u00f3n, o ejecutar c\u00f3digo arbitrario mediante cadenas de formato en la URL al puerto 2002."
}
],
"id": "CVE-2002-0159",
"lastModified": "2024-11-20T23:38:26.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-04-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/8742.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/2062"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/4416"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101787248913611\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/8742.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/2062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/4416"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-02 10:09
Modified
2024-11-21 01:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19DD8E24-802E-4D20-A054-7B76FB7A83B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCtr78192."
}
],
"id": "CVE-2011-3317",
"lastModified": "2024-11-21T01:30:14.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-02T10:09:21.550",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/49101"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/53436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53436"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-29 12:07
Modified
2024-11-21 01:53
Severity ?
Summary
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | * | |
| cisco | secure_access_control_server | 4.2.1.15.0 | |
| cisco | secure_access_control_server | 4.2.1.15.1 | |
| cisco | secure_access_control_server | 4.2.1.15.2 | |
| cisco | secure_access_control_server | 4.2.1.15.3 | |
| cisco | secure_access_control_server | 4.2.1.15.4 | |
| cisco | secure_access_control_server | 4.2.1.15.6 | |
| cisco | secure_access_control_server | 4.2.1.15.7 | |
| cisco | secure_access_control_server | 4.2.1.15.8 | |
| cisco | secure_access_control_server | 4.2.1.15.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1386664C-E82F-421D-997D-E1861F878EF7",
"versionEndIncluding": "4.2.1.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21D44CF7-00D9-49D5-9922-8C035E6BFFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0381BDA1-9582-4D0B-8D8D-3CD5C44CD962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14C97126-884C-4D78-AC21-3CD8D70639F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E927176-43B1-4D71-93A0-FF47AFF8BD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AD5F4A2-9D04-4315-BE7C-7B3A93B48251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "109AF15B-A54C-4126-A88E-3E40F8902247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97733DD7-DC7F-4FDD-A5DA-26F36E6B8F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF8916-B3B8-4778-93DF-76F5F36C338C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B4913C9F-5814-4003-9B56-841E228338CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."
},
{
"lang": "es",
"value": "El m\u00f3dulo de autenticaci\u00f3n EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuraci\u00f3n de servidor RADIUS est\u00e1 habilitada, no analiza correctamente las identidades de usuario, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados EAP-FAST, tambi\u00e9n conocido como Bug ID CSCui57636."
}
],
"id": "CVE-2013-3466",
"lastModified": "2024-11-21T01:53:40.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-29T12:07:53.977",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/96668"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1028958"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:15
Severity ?
Summary
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | * | |
| cisco | secure_access_control_server | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CF3FC5-ACD6-49C7-930E-A8642444F9A3",
"versionEndIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "3C515B92-10F2-449C-A671-D67C6CA7AF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Windows anetrior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un paquete de solicitud de acceso RADIUS (RADIUS Access-Request) manipulado."
}
],
"id": "CVE-2006-4097",
"lastModified": "2024-11-21T00:15:09.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36125"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/443108"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/443108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31334"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_access_control_server | 3.3.1 | |
| cisco | secure_acs_solution_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a \"cryptographically correct\" certificate with valid fields such as the username."
},
{
"lang": "es",
"value": "Cisco Secure Access Control Server para Windows (ACS Windows) y Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 cuando el protocolo EAP-TLS est\u00e1 permitido, no maneja adecuadamente certificados expirados o no confiables, lo que permite a atacantes remotos saltarse autenticaci\u00f3n y ganar acceso no autorizado mediante un certificado \"criptogr\u00e1ficamente correcto\" con campos v\u00e1lidos, como el nombre de usuario."
}
],
"id": "CVE-2004-1099",
"lastModified": "2024-11-20T23:50:05.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-028.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11577"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ciac.org/ciac/bulletins/p-028.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17936"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-07 23:55
Modified
2024-11-21 01:44
Severity ?
Summary
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.0 | |
| cisco | secure_access_control_server | 5.1 | |
| cisco | secure_access_control_server | 5.2 | |
| cisco | secure_access_control_server | 5.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D9BFE6-C698-493C-98C8-9A3B2962BFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4095508A-D5DA-4609-82E7-8FA243F08CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF26A035-DBF6-4720-82D2-268EF7472F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5F16F0-84E9-471D-9004-30D3078897DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted password string, aka Bug ID CSCuc65634."
},
{
"lang": "es",
"value": "Cisco Secure Access Control System (ACS) v5.x antes v5.2 Patch 11 y v5.3 antes de 5.3 Patch 7, cuando se usa una determinada configuraci\u00f3n que implica TACACS+ y LDAP, no valida correctamente las contrase\u00f1as, lo que permite a atacantes remotos evitar la autenticaci\u00f3n mediante el env\u00edo de un nombre de usuario v\u00e1lido y una contrase\u00f1a modificada a mano. Se trata de un problema tambi\u00e9n conocido como Bug ID CSCuc65634.\r\n"
}
],
"id": "CVE-2012-5424",
"lastModified": "2024-11-21T01:44:40.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-07T23:55:01.320",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://osvdb.org/87251"
},
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/51194"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/56433"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id?1027733"
},
{
"source": "ykramarz@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121107-acs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79860"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page."
},
{
"lang": "es",
"value": "El Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados eludir las restricciones destinadas a RBAC, y crear un cuadro de mandos o un portlet, visitando una p\u00e1gina web no especificada."
}
],
"id": "CVE-2015-6347",
"lastModified": "2024-11-21T02:34:49.727",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-30T10:59:04.683",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033971"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-01-09 00:28
Modified
2024-11-21 00:24
Severity ?
Summary
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4659DA0-9EDA-4072-9A8C-E604C08D4993",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n HTTP GET manipulada."
}
],
"id": "CVE-2007-0105",
"lastModified": "2024-11-21T00:24:59.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-01-09T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/744249"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/32642"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/744249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31323"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.1 | |
| cisco | secure_access_control_server | 2.3\(3\) | |
| cisco | secure_access_control_server | 2.4\(2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3\\(3\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "C8203963-D3FA-464F-9C43-C3A26B628B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4\\(2\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "674F9D34-BD92-436D-B149-CB30BC4069E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords."
}
],
"id": "CVE-2000-1056",
"lastModified": "2024-11-20T23:33:54.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1708"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.1 | |
| cisco | secure_access_control_server | 2.3\(3\) | |
| cisco | secure_access_control_server | 2.4\(2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3\\(3\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "C8203963-D3FA-464F-9C43-C3A26B628B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4\\(2\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "674F9D34-BD92-436D-B149-CB30BC4069E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet."
}
],
"id": "CVE-2000-1054",
"lastModified": "2024-11-20T23:33:54.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1705"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5272"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-05-02 10:09
Modified
2024-11-21 01:30
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:secure_access_control_server:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19DD8E24-802E-4D20-A054-7B76FB7A83B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, aka Bug ID CSCtr78143."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el Solution Engine en Cisco Secure Access Control Server (ACS) v5.2, permite a atacantes remotos secuestrar la autentificaci\u00f3n de los administradores en solicitudes que insertan secuencias de comandos en sitios cruzados (XSS), tambi\u00e9n conocido como Bug ID CSCtr78143."
}
],
"id": "CVE-2011-3293",
"lastModified": "2024-11-21T01:30:12.387",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-05-02T10:09:21.380",
"references": [
{
"source": "ykramarz@cisco.com",
"url": "http://secunia.com/advisories/49101"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securityfocus.com/bid/53436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/web/software/282766937/37718/Acs-5-2-0-26-9-Readme.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53436"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-21 01:02
Modified
2024-11-21 00:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*",
"matchCriteriaId": "7889030E-97F7-4CCD-8050-5250B1F58C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters."
},
{
"lang": "es",
"value": "Vilnerabilidad de cross-site scripting (XSS) en LogonProxy.cgi en Cisco Secure ACS para UNIX v2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del (1) error, (2) SSL, y (3) par\u00e1metros Ok."
}
],
"id": "CVE-2006-3101",
"lastModified": "2024-11-21T00:12:49.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-21T01:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20699"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1116"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1016317"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26531"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/18449"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2384"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://securitytracker.com/id?1016317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps4911/tsd_products_security_response09186a00806b8bdb.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437441/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/437480/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/18449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-20 14:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=41087 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1033615 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=41087 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1033615 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694."
},
{
"lang": "es",
"value": "Vulnerabilidad en Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15), permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda del proceso de pantalla SSH) a trav\u00e9s de comandos (1) CLI o (2) GUI manipulados, tambi\u00e9n conocida como Bug ID CSCuw24694."
}
],
"id": "CVE-2015-6300",
"lastModified": "2024-11-21T02:34:43.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-20T14:59:05.960",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41087"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=41087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1033615"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-16 14:59
Modified
2024-11-21 02:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ykramarz@cisco.com | http://tools.cisco.com/security/center/viewAlert.x?alertId=38864 | Vendor Advisory | |
| ykramarz@cisco.com | http://www.securitytracker.com/id/1032338 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/viewAlert.x?alertId=38864 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032338 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.5\(0.1\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.5\\(0.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "491CCEC6-B54C-42A3-99DC-11285A77E3D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un ataque de la inclusi\u00f3n de ficheros, tambi\u00e9n conocido como Bug ID CSCuu11005."
}
],
"id": "CVE-2015-0729",
"lastModified": "2024-11-21T02:23:36.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-16T14:59:03.093",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38864"
},
{
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032338"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-11 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.1 | |
| cisco | secure_access_control_server | 2.3\(3\) | |
| cisco | secure_access_control_server | 2.4\(2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "3BF391B2-17C6-4633-8CE9-35B637BFDC79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3\\(3\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "C8203963-D3FA-464F-9C43-C3A26B628B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4\\(2\\):*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "674F9D34-BD92-436D-B149-CB30BC4069E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet."
}
],
"id": "CVE-2000-1055",
"lastModified": "2024-11-20T23:33:54.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-11T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1569"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1706"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5273"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1569"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5273"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-22 00:59
Modified
2024-11-21 02:23
Severity ?
Summary
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.5\(0.46.2\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.5\\(0.46.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7B8068E6-4E05-49EA-B5CD-DA44F3A73BB0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022."
},
{
"lang": "es",
"value": "La API REST en Cisco Access Control Server (ACS) 5.5(0.46.2) permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n de API) mediante el env\u00edo de muchas solicitudes, tambi\u00e9n conocido como Bug ID CSCut62022."
}
],
"id": "CVE-2015-0746",
"lastModified": "2024-11-21T02:23:38.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-05-22T00:59:00.097",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38946"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1032387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032387"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-10 02:14
Modified
2024-11-21 00:06
Severity ?
Summary
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.0.1 | |
| cisco | secure_access_control_server | 3.0.3 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.1.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A60B49A7-B569-4485-A6B3-E14B9FB96950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "8731D5CC-A6F9-48DB-B1D1-FD50CEAC63D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "810AD2C1-62DB-4839-9E05-CC4210371F64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "DFFE6A50-B704-42BB-8FFF-27E9F4D3B576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "535D5672-AE3F-4D5F-A253-C650298DBD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "E01BE6C6-4DB4-47BA-BBE6-C06359320ABB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft\u0027s cryptographic API functions to obtain the plaintext version of the master key."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nCisco, Secure Access Control Server, 4.0.1",
"id": "CVE-2006-0561",
"lastModified": "2024-11-21T00:06:44.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-10T02:14:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016042"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25892"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16743"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1741"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/433286/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/433301/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26307"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-26 16:05
Modified
2024-11-21 00:13
Severity ?
Summary
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 4.0 | |
| cisco | secure_access_control_server | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "FE1B1FFE-25B4-465B-8816-BB8F3C028EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "85E5B98E-72EB-4AB5-BC55-4392D22B30BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
},
{
"lang": "es",
"value": "Cisco Secure Access Control Server (ACS) v4.x para Windows usa la direcci\u00f3n IP de cliente y el n\u00famero de puerto del servidor para otorgar acceso al puerto HTTP server para una sesi\u00f3n de administraci\u00f3n, lo que permite a atacantes remoso superar la autenticaci\u00f3n a trav\u00e9s de varios m\u00e9todos, conocido como \"ACS Weak Session Management Vulnerability.\""
}
],
"id": "CVE-2006-3226",
"lastModified": "2024-11-21T00:13:07.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-26T16:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20816"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1157"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016369"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26825"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016369"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26825"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-04 16:41
Modified
2024-11-21 00:46
Severity ?
Summary
Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_acs | * | |
| cisco | secure_access_control_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E137A796-4F14-4BFB-81C5-11A145DDD1F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACD712D-B8B8-4551-925E-27E541C8001F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."
},
{
"lang": "es",
"value": "Cisco Secure ACS versiones 3.x anteriores a 3.3 (4) Build 12, Parche 7, versiones 4.0.x, versiones 4.1.x anteriores a 4.1 (4) Build 13, Parche 11 y versiones 4.2.x anteriores a 4.2 (0) Build 124, Parche 4 no maneja apropiadamente un paquete de EAP Response en el que el valor del campo length excede la longitud actual del paquete, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del servicio CSRadius y CSAuth) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un paquete RADIUS dise\u00f1ado (1) EAP-Response/Identity, (2) EAP-Response/MD5, o (3) EAP-Response/TLS Message Attribute."
}
],
"id": "CVE-2008-2441",
"lastModified": "2024-11-21T00:46:53.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-04T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31731"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4216"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30997"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020814"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84213205-06FB-4454-928A-CC7673F8020B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe."
}
],
"id": "CVE-2002-0938",
"lastModified": "2024-11-20T23:40:13.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/5026"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.6 | |
| cisco | secure_access_control_server | 2.6.2 | |
| cisco | secure_access_control_server | 2.6.3 | |
| cisco | secure_access_control_server | 2.6.4 | |
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F4B3B8-7775-444B-AAC7-E330F03697B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAC040-ACC5-4837-808A-DBBBBE2C8EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "840AFC20-FFD8-4FE0-BACC-8201848D6BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B14A32F-622D-48D5-A0D4-0B3C165185DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84213205-06FB-4454-928A-CC7673F8020B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\\.. (modified ..) in the URL to port 2002."
},
{
"lang": "es",
"value": "La funci\u00f3n de administraci\u00f3n en Cisco Secure Access Control Control Server (ACS) para Windows, 2.6.x y anteriores, y 3.x a 3.01 (build 40), permite a atacantes remotos leer HTML, clases de Java y ficheros de im\u00e1genes fuera de la ra\u00edz del web mediante un .... (ataque punto punto modificado) en la URL al puerto 2002."
}
],
"id": "CVE-2002-0160",
"lastModified": "2024-11-20T23:38:27.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-04-22T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101786689128667\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101786689128667\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5352"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2\(1\) | |
| cisco | secure_access_control_server | 3.2\(2\) | |
| cisco | secure_access_control_server | 3.2\(3\) | |
| cisco | secure_access_control_server | 3.3 | |
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_acs_solution_engine | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password."
}
],
"id": "CVE-2004-1460",
"lastModified": "2024-11-20T23:50:56.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17117"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-31 05:00
Modified
2024-11-21 00:15
Severity ?
Summary
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.1 | |
| cisco | secure_access_control_server | 3.2 | |
| cisco | secure_access_control_server | 3.2\(1\) | |
| cisco | secure_access_control_server | 3.2\(1.20\) | |
| cisco | secure_access_control_server | 3.2\(2\) | |
| cisco | secure_access_control_server | 3.2\(3\) | |
| cisco | secure_access_control_server | 3.2.1 | |
| cisco | secure_access_control_server | 3.2.2 | |
| cisco | secure_access_control_server | 3.3 | |
| cisco | secure_access_control_server | 3.3\(1\) | |
| cisco | secure_access_control_server | 3.3.1 | |
| cisco | secure_access_control_server | 3.3.2 | |
| cisco | secure_access_control_server | 4.0 | |
| cisco | secure_access_control_server | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1.20\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B0BD6882-379C-4EA7-8E51-124273C5A56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F39D3441-C84A-403A-ACB4-8019579EE4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61ED039B-C3E6-4BC8-A97A-351EC9CEAF16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F07B954-817F-47AC-BCAC-3DA697A6E2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0CC1B599-05C0-4FB5-A47B-5D858DAB43A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036B1C12-5327-40D1-BEC3-ABEC878CF776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88F2EA27-B8D1-4DD1-AD14-C9B281A496C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete de petici\u00f3n de tarificaci\u00f3n RADIUS (RADIUS Accounting-Request) manipulado."
}
],
"id": "CVE-2006-4098",
"lastModified": "2024-11-21T00:15:09.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36126"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "cve@mitre.org",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/477164"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/477164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31327"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page."
},
{
"lang": "es",
"value": "La interfaz web de generaci\u00f3n de reporte en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a usuarios remotos autenticados eludir las restricciones de RBAC, y leer reportes o informaci\u00f3n de estado, visitando una p\u00e1gina web no especificada."
}
],
"id": "CVE-2015-6348",
"lastModified": "2024-11-21T02:34:49.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-30T10:59:06.010",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_rbac1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033970"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-30 10:59
Modified
2024-11-21 02:34
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 5.7.0.15 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:5.7.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6806579C-423A-455B-98E4-7A5450F85CDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz web en el Solution Engine en Cisco Secure Access Control Server (ACS) 5.7(0.15) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-6349",
"lastModified": "2024-11-21T02:34:49.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-10-30T10:59:07.107",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151023-acs_xss1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033968"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | vpn_3000_concentrator_series_software | 2.0 | |
| cisco | vpn_3000_concentrator_series_software | 2.5.2.a | |
| cisco | vpn_3000_concentrator_series_software | 2.5.2.b | |
| cisco | vpn_3000_concentrator_series_software | 2.5.2.c | |
| cisco | vpn_3000_concentrator_series_software | 2.5.2.d | |
| cisco | secure_access_control_server | 2.6.3 | |
| cisco | vpn_3002_hardware_client | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "923949D1-06EC-462F-A3BC-FCAB448042A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"matchCriteriaId": "901B1838-7169-41E5-80EF-29BB680BF937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAEAA5F-0A98-48B7-8012-9B9909243135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA4B03-2D30-4514-9DF5-5F0DDD4B8DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"matchCriteriaId": "CB38834B-E4AB-43F4-888B-14B088C95594",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "A668278F-8080-4295-95EB-88341478D16B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12ECF578-84BF-4F41-9462-C09FA517F2A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the \"No Encryption\" option set."
}
],
"id": "CVE-2002-1095",
"lastModified": "2024-11-20T23:40:34.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10021.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10021.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5625"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-05-29 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.iss.net/security_center/static/8106.php | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/4048 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/8106.php | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4048 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:windows_nt:*:*:*:*:*",
"matchCriteriaId": "FA889730-B2FF-4219-BBCA-A4364BA61EAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server."
},
{
"lang": "es",
"value": "NDSAuth.DLL en Cisco Secure Authentication Control Server (ACS) 3.0.1 no comprueba el estado \"caducado\" o \"deshabilitado\" de los usuarios en el directorio de servicios Novell, lo cual permitir\u00eda a otros usuarios autentificarse en el servidor."
}
],
"id": "CVE-2002-0241",
"lastModified": "2024-11-20T23:38:38.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-05-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8106.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/8106.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4048"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | secure_access_control_server | 2.1 | |
| cisco | secure_access_control_server | 2.3 | |
| cisco | secure_access_control_server | 2.4 | |
| cisco | secure_access_control_server | 2.5 | |
| cisco | secure_access_control_server | 2.6 | |
| cisco | secure_access_control_server | 2.6.2 | |
| cisco | secure_access_control_server | 2.6.3 | |
| cisco | secure_access_control_server | 2.6.4 | |
| cisco | secure_access_control_server | 3.0 | |
| cisco | secure_access_control_server | 3.0.1 | |
| cisco | secure_access_control_server | 3.0.3 | |
| cisco | secure_access_control_server | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA412967-874D-4BA1-ABD9-FD062CF82E68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F4732A1F-119B-4D7C-A47A-0DEF9EA53319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4D946BB7-92EF-4A45-841F-0FC3169ECCB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "63BE0513-DE40-4576-A9F7-2C10D0059396",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F4B3B8-7775-444B-AAC7-E330F03697B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8EEAC040-ACC5-4837-808A-DBBBBE2C8EE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "840AFC20-FFD8-4FE0-BACC-8201848D6BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9B14A32F-622D-48D5-A0D4-0B3C165185DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84213205-06FB-4454-928A-CC7673F8020B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "12451AA2-43AA-4E19-90FE-A435DA6C5D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC923B9-80BC-45DC-89D7-5185957A8F13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el servicio de administraci\u00f3n (CSAdmin) de Cisco Secure ACS anteriores a 3.1.2 permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante un par\u00e1metro de usuario largo al puerto 2002."
}
],
"id": "CVE-2003-0210",
"lastModified": "2024-11-20T23:44:13.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105120066126196\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105118056332344\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/697049"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}