var-200412-0206
Vulnerability from variot
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests. Cisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate to a Novell Directory Services (NDS) database for authenticating NDS users. Among them, ACS supports NOVELL directory service. However, wrong passwords and incorrect usernames will be rejected for authentication
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.3"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.9,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.2\\(3\\)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.3\\(1\\)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.2\\(1\\)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.2\\(2\\)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "3.0"
},
{
"model": "secure acs solution engine",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "secure acs solution engine",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.2\\(2\\)_build_15"
},
{
"model": "secure acs for windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3(1)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(3)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(2)"
},
{
"model": "secure access control server",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.2(1)"
}
],
"sources": [
{
"db": "BID",
"id": "11047"
},
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1458"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco PSIRT\u203b psirt@cisco.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1458",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-9888",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1458",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-272",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9888",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9888"
},
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. \nCisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests. \nCisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate to a Novell Directory Services (NDS) database for authenticating NDS users. Among them, ACS supports NOVELL directory service. However, wrong passwords and incorrect usernames will be rejected for authentication",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "BID",
"id": "11047"
},
{
"db": "VULHUB",
"id": "VHN-9888"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11047",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "9182",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12386",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2004-1458",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20040825 MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6845",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6843\u203b6845\u203b6844\u203b6846",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6844",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6843",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6846",
"trust": 0.6
},
{
"db": "CIAC",
"id": "O-203",
"trust": 0.6
},
{
"db": "XF",
"id": "17114",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9888",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9888"
},
{
"db": "BID",
"id": "11047"
},
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"id": "VAR-200412-0206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9888"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:10:48.931000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1458"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11047"
},
{
"trust": 1.7,
"url": "http://www.ciac.org/ciac/bulletins/o-203.shtml"
},
{
"trust": 1.7,
"url": "http://osvdb.org/9182"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12386/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17114"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17114"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6843\u203b6845\u203b6844\u203b6846"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/tacl.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9888"
},
{
"db": "BID",
"id": "11047"
},
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9888"
},
{
"db": "BID",
"id": "11047"
},
{
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9888"
},
{
"date": "2004-08-25T00:00:00",
"db": "BID",
"id": "11047"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"date": "2004-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-9888"
},
{
"date": "2004-08-25T00:00:00",
"db": "BID",
"id": "11047"
},
{
"date": "2018-10-30T16:25:07.323000",
"db": "NVD",
"id": "CVE-2004-1458"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Secure ACS NOVELL Directory Service Verification Bypass Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "11047"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-272"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.