CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-3466
https://notcve.org/view.php?id=CVE-2013-3466
29 Aug 2013 — The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidad... • http://osvdb.org/96668 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-0105
https://notcve.org/view.php?id=CVE-2007-0105
09 Jan 2007 — Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Desbordamiento de búfer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante una petición HTTP GET manipulada. • http://secunia.com/advisories/23629 •
CVSS: 9.1EPSS: 2%CPEs: 2EXPL: 0CVE-2006-4097
https://notcve.org/view.php?id=CVE-2006-4097
31 Dec 2006 — Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. Múltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Wind... • http://osvdb.org/36125 •
CVSS: 9.8EPSS: 1%CPEs: 156EXPL: 0CVE-2005-4499
https://notcve.org/view.php?id=CVE-2005-4499
22 Dec 2005 — The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS. • http://secunia.com/advisories/18141 •
CVSS: 7.5EPSS: 86%CPEs: 296EXPL: 2CVE-2005-0356 – TCP TIMESTAMPS - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0356
31 May 2005 — Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. • https://www.exploit-db.com/exploits/1008 •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2003-0210
https://notcve.org/view.php?id=CVE-2003-0210
26 Apr 2003 — Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. Desbordamiento de búfer en el servicio de administración (CSAdmin) de Cisco Secure ACS anteriores a 3.1.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un parámetro de usuario largo al puerto 2002. • http://marc.info/?l=bugtraq&m=105120066126196&w=2 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2000-1055
https://notcve.org/view.php?id=CVE-2000-1055
11 Dec 2000 — Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. • http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2000-1056
https://notcve.org/view.php?id=CVE-2000-1056
11 Dec 2000 — CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. • http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2000-1054 – Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1054
11 Dec 2000 — Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. • https://www.exploit-db.com/exploits/20235 •