CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1459
https://notcve.org/view.php?id=CVE-2004-1459
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml http://www.securityfocus.com/bid/11047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17116 •
CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0CVE-2004-1458
https://notcve.org/view.php?id=CVE-2004-1458
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. • http://osvdb.org/9182 http://secunia.com/advisories/12386 http://www.ciac.org/ciac/bulletins/o-203.shtml http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml http://www.securityfocus.com/bid/11047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17114 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1461
https://notcve.org/view.php?id=CVE-2004-1461
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml http://www.securityfocus.com/bid/11047 https://exchange.xforce.ibmcloud.com/vulnerabilities/17118 •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2004-1099
https://notcve.org/view.php?id=CVE-2004-1099
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. Cisco Secure Access Control Server para Windows (ACS Windows) y Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1 cuando el protocolo EAP-TLS está permitido, no maneja adecuadamente certificados expirados o no confiables, lo que permite a atacantes remotos saltarse autenticación y ganar acceso no autorizado mediante un certificado "criptográficamente correcto" con campos válidos, como el nombre de usuario. • http://www.ciac.org/ciac/bulletins/p-028.shtml http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml http://www.securityfocus.com/bid/11577 https://exchange.xforce.ibmcloud.com/vulnerabilities/17936 •
CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0CVE-2003-0210
https://notcve.org/view.php?id=CVE-2003-0210
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. Desbordamiento de búfer en el servicio de administración (CSAdmin) de Cisco Secure ACS anteriores a 3.1.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un parámetro de usuario largo al puerto 2002. • http://marc.info/?l=bugtraq&m=105120066126196&w=2 http://marc.info/?l=ntbugtraq&m=105118056332344&w=2 http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml http://www.kb.cert.org/vuls/id/697049 •