cvelistv5 - CVE-2006-3226

CVE-2006-3226 (GCVE-0-2006-3226)

Vulnerability from cvelistv5 – Published: 2006-06-26 16:00 – Updated: 2024-08-07 18:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://securitytracker.com/id?1016369	vdb-entryx_refsource_SECTRACK
	http://www.osvdb.org/26825	vdb-entryx_refsource_OSVDB
	http://securityreason.com/securityalert/1157	third-party-advisoryx_refsource_SREASON
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/2524	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/20816	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/438161/100…	mailing-listx_refsource_BUGTRAQ
	http://www.cisco.com/en/US/products/sw/secursw/ps…	vendor-advisoryx_refsource_CISCO
	http://www.securityfocus.com/bid/18621	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/438258/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:21.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016369",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016369"
          },
          {
            "name": "26825",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26825"
          },
          {
            "name": "1157",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1157"
          },
          {
            "name": "cisco-acs-session-spoofing(27328)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
          },
          {
            "name": "ADV-2006-2524",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2524"
          },
          {
            "name": "20816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20816"
          },
          {
            "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
          },
          {
            "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
          },
          {
            "name": "18621",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18621"
          },
          {
            "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1016369",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016369"
        },
        {
          "name": "26825",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26825"
        },
        {
          "name": "1157",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1157"
        },
        {
          "name": "cisco-acs-session-spoofing(27328)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
        },
        {
          "name": "ADV-2006-2524",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2524"
        },
        {
          "name": "20816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20816"
        },
        {
          "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
        },
        {
          "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
        },
        {
          "name": "18621",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18621"
        },
        {
          "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016369",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016369"
            },
            {
              "name": "26825",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26825"
            },
            {
              "name": "1157",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1157"
            },
            {
              "name": "cisco-acs-session-spoofing(27328)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
            },
            {
              "name": "ADV-2006-2524",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2524"
            },
            {
              "name": "20816",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20816"
            },
            {
              "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
            },
            {
              "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "CISCO",
              "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
            },
            {
              "name": "18621",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18621"
            },
            {
              "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3226",
    "datePublished": "2006-06-26T16:00:00",
    "dateReserved": "2006-06-26T00:00:00",
    "dateUpdated": "2024-08-07T18:23:21.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"FE1B1FFE-25B4-465B-8816-BB8F3C028EEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*\", \"matchCriteriaId\": \"85E5B98E-72EB-4AB5-BC55-4392D22B30BA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \\\"ACS Weak Session Management Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Cisco Secure Access Control Server (ACS) v4.x para Windows usa la direcci\\u00f3n IP de cliente y el n\\u00famero de puerto del servidor para otorgar acceso al puerto HTTP server para una sesi\\u00f3n de administraci\\u00f3n, lo que permite a atacantes remoso superar la autenticaci\\u00f3n a trav\\u00e9s de varios m\\u00e9todos, conocido como \\\"ACS Weak Session Management Vulnerability.\\\"\"}]",
      "id": "CVE-2006-3226",
      "lastModified": "2024-11-21T00:13:07.023",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-06-26T16:05:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/20816\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/1157\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016369\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/26825\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438161/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438258/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18621\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2524\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27328\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20816\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/1157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016369\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/26825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438161/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438258/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2524\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27328\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3226\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-26T16:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \\\"ACS Weak Session Management Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Cisco Secure Access Control Server (ACS) v4.x para Windows usa la direcci\u00f3n IP de cliente y el n\u00famero de puerto del servidor para otorgar acceso al puerto HTTP server para una sesi\u00f3n de administraci\u00f3n, lo que permite a atacantes remoso superar la autenticaci\u00f3n a trav\u00e9s de varios m\u00e9todos, conocido como \\\"ACS Weak Session Management Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"FE1B1FFE-25B4-465B-8816-BB8F3C028EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*\",\"matchCriteriaId\":\"85E5B98E-72EB-4AB5-BC55-4392D22B30BA\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20816\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1157\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016369\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/26825\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438161/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438258/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18621\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2524\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27328\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20816\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/1157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016369\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/26825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438161/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438258/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2524\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27328\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200606-0321

Vulnerability from variot - Updated: 2023-12-18 12:23

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability.". This issue is due to the application's failure to properly ensure that remote web-based users are properly authenticated. This issue allows remote attackers to gain administrative access to the web-based administrative interface of the affected application. Cisco Secure ACS for Windows versions in the 4.x series were identified as vulnerable to this issue; other versions and platforms may also be affected. This issue is being tracked by Cisco Bug IDs CSCse26754 and CSCse26719. This helps attackers to hijack management sessions because port numbers are assigned in a sequential fashion without using strong authentication.

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

http://secunia.com/secunia_security_specialist/

TITLE: Cisco Secure ACS Session Management Security Issue

SECUNIA ADVISORY ID: SA20816

VERIFY ADVISORY: http://secunia.com/advisories/20816/

CRITICAL: Less critical

IMPACT: Security Bypass

WHERE:

From local network

SOFTWARE: Cisco Secure ACS 4.x http://secunia.com/product/10635/

DESCRIPTION: Darren Bounds has reported a security issue in Cisco Secure ACS, which can be exploited by malicious people to bypass certain security restrictions.

The problem is caused due to the web-based management interface handling session management in an insecure way based on the assigned service port and the client's IP address.

Successful exploitation requires that the attacker uses the same IP address as the logged in administrative user.

The security issue has been reported in version 4.0 for Windows. Other versions may also be affected.

SOLUTION: Only connect to the web-based management interface from dedicated management systems.

PROVIDED AND/OR DISCOVERED BY: Darren Bounds

ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20060623-acs.shtml

Darren Bounds: http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047301.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200606-0321",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "4.0.1"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "4.0"
      },
      {
        "model": "secure access control server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.x"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "18621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Darren Bounds dbounds@gmail.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-3226",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-3226",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-19334",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3226",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200606-497",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19334",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\". This issue is due to the application\u0027s failure to properly ensure that remote web-based users are properly authenticated. \nThis issue allows remote attackers to gain administrative access to the web-based administrative interface of the affected application. \nCisco Secure ACS for Windows versions in the 4.x series were identified as vulnerable to this issue; other versions and platforms may also be affected. \nThis issue is being tracked by Cisco Bug IDs CSCse26754 and CSCse26719. This helps attackers to hijack management sessions because port numbers are assigned in a sequential fashion without using strong authentication. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nhttp://secunia.com/secunia_security_specialist/\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco Secure ACS Session Management Security Issue\n\nSECUNIA ADVISORY ID:\nSA20816\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20816/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nCisco Secure ACS 4.x\nhttp://secunia.com/product/10635/\n\nDESCRIPTION:\nDarren Bounds has reported a security issue in Cisco Secure ACS,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. \n\nThe problem is caused due to the web-based management interface\nhandling session management in an insecure way based on the assigned\nservice port and the client\u0027s IP address. \n\nSuccessful exploitation requires that the attacker uses the same IP\naddress as the logged in administrative user. \n\nThe security issue has been reported in version 4.0 for Windows. \nOther versions may also be affected. \n\nSOLUTION:\nOnly connect to the web-based management interface from dedicated\nmanagement systems. \n\nPROVIDED AND/OR DISCOVERED BY:\nDarren Bounds\n\nORIGINAL ADVISORY:\nCisco:\nhttp://www.cisco.com/warp/public/707/cisco-sr-20060623-acs.shtml\n\nDarren Bounds:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047301.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "BID",
        "id": "18621"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "db": "PACKETSTORM",
        "id": "47709"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3226",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "18621",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20816",
        "trust": 1.8
      },
      {
        "db": "SREASON",
        "id": "1157",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2524",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "26825",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016369",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060623 RE: CISCO SECURE ACS WEAK SESSION MANAGEMENT VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060623 CISCO SECURE ACS WEAK SESSION MANAGEMENT VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "CISCO",
        "id": "20060623 CISCO SECURE ACS WEAK SESSION MANAGEMENT VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27328",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19334",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "47709",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "db": "BID",
        "id": "18621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "PACKETSTORM",
        "id": "47709"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "id": "VAR-200606-0321",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:23:57.908000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-acs-session-spoofing(27328)",
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/27328"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18621"
      },
      {
        "trust": 1.7,
        "url": "http://www.cisco.com/en/us/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/26825"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016369"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20816"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1157"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2524"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3226"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3226"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27328"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/438258/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/438161/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2524"
      },
      {
        "trust": 0.4,
        "url": "http://www.cisco.com/warp/public/707/cisco-sr-20060623-acs.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/sw/secursw/ps2086/index.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/438161"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/438258"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10635/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/047301.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20816/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "db": "BID",
        "id": "18621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "PACKETSTORM",
        "id": "47709"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "db": "BID",
        "id": "18621"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "db": "PACKETSTORM",
        "id": "47709"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-06-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "date": "2006-06-23T00:00:00",
        "db": "BID",
        "id": "18621"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "date": "2006-06-26T22:21:41",
        "db": "PACKETSTORM",
        "id": "47709"
      },
      {
        "date": "2006-06-26T16:05:00",
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "date": "2006-06-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19334"
      },
      {
        "date": "2006-06-26T04:50:00",
        "db": "BID",
        "id": "18621"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      },
      {
        "date": "2018-10-18T16:46:21.047000",
        "db": "NVD",
        "id": "CVE-2006-3226"
      },
      {
        "date": "2006-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows for  Cisco Secure Access Control Server Vulnerabilities that bypass authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004041"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-497"
      }
    ],
    "trust": 0.6
  }
}

GSD-2006-3226

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3226

Aliases

CVE-2006-3226

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3226",
    "description": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\"",
    "id": "GSD-2006-3226"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3226"
      ],
      "details": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\"",
      "id": "GSD-2006-3226",
      "modified": "2023-12-13T01:19:57.695734Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3226",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016369",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016369"
          },
          {
            "name": "26825",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26825"
          },
          {
            "name": "1157",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1157"
          },
          {
            "name": "cisco-acs-session-spoofing(27328)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
          },
          {
            "name": "ADV-2006-2524",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2524"
          },
          {
            "name": "20816",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20816"
          },
          {
            "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
          },
          {
            "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
            "refsource": "CISCO",
            "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
          },
          {
            "name": "18621",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18621"
          },
          {
            "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3226"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
            },
            {
              "name": "18621",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18621"
            },
            {
              "name": "1016369",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016369"
            },
            {
              "name": "20816",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/20816"
            },
            {
              "name": "26825",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26825"
            },
            {
              "name": "1157",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1157"
            },
            {
              "name": "ADV-2006-2524",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2524"
            },
            {
              "name": "cisco-acs-session-spoofing(27328)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
            },
            {
              "name": "20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
            },
            {
              "name": "20060623 Cisco Secure ACS Weak Session Management Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:46Z",
      "publishedDate": "2006-06-26T16:05Z"
    }
  }
}

FKIE_CVE-2006-3226

Vulnerability from fkie_nvd - Published: 2006-06-26 16:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20816
cve@mitre.org	http://securityreason.com/securityalert/1157
cve@mitre.org	http://securitytracker.com/id?1016369
cve@mitre.org	http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html	Vendor Advisory
cve@mitre.org	http://www.osvdb.org/26825
cve@mitre.org	http://www.securityfocus.com/archive/1/438161/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/438258/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18621
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2524
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27328
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20816
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1157
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016369
af854a3a-2127-422b-91ae-364da2661108	http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26825
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438161/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438258/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18621
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2524
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27328

Impacted products

	Vendor	Product	Version
	cisco	secure_access_control_server	4.0
	cisco	secure_access_control_server	4.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "FE1B1FFE-25B4-465B-8816-BB8F3C028EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "85E5B98E-72EB-4AB5-BC55-4392D22B30BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Cisco Secure Access Control Server (ACS) v4.x para Windows usa la direcci\u00f3n IP de cliente y el n\u00famero de puerto del servidor para otorgar acceso al puerto HTTP server para una sesi\u00f3n de administraci\u00f3n, lo que permite a atacantes remoso superar la autenticaci\u00f3n a trav\u00e9s de varios m\u00e9todos, conocido como \"ACS Weak Session Management Vulnerability.\""
    }
  ],
  "id": "CVE-2006-3226",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-26T16:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20816"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/26825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2524"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2J6Q-WWQQ-GQM4

Vulnerability from github – Published: 2022-05-01 07:07 – Updated: 2022-05-01 07:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3226"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-26T16:05:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client\u0027s IP address and the server\u0027s port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka \"ACS Weak Session Management Vulnerability.\"",
  "id": "GHSA-2j6q-wwqq-gqm4",
  "modified": "2022-05-01T07:07:06Z",
  "published": "2022-05-01T07:07:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3226"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27328"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20816"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1157"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016369"
    },
    {
      "type": "WEB",
      "url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26825"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438161/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438258/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18621"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3226 (GCVE-0-2006-3226)

VAR-200606-0321

GSD-2006-3226

FKIE_CVE-2006-3226

GHSA-2J6Q-WWQQ-GQM4

Tags

Sightings

Nomenclature