CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1460
https://notcve.org/view.php?id=CVE-2004-1460
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1461
https://notcve.org/view.php?id=CVE-2004-1461
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2004-1099
https://notcve.org/view.php?id=CVE-2004-1099
01 Dec 2004 — Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. Cisco Secure Access Control Server para Windows (ACS Windows) y Cisco Secure Access Control Server ... • http://www.ciac.org/ciac/bulletins/p-028.shtml •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2003-0210
https://notcve.org/view.php?id=CVE-2003-0210
26 Apr 2003 — Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. Desbordamiento de búfer en el servicio de administración (CSAdmin) de Cisco Secure ACS anteriores a 3.1.2 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante un parámetro de usuario largo al puerto 2002. • http://marc.info/?l=bugtraq&m=105120066126196&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 2CVE-2002-0938 – Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0938
04 Oct 2002 — Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. • https://www.exploit-db.com/exploits/21555 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2002-1095
https://notcve.org/view.php?id=CVE-2002-1095
04 Oct 2002 — Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. • http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0241
https://notcve.org/view.php?id=CVE-2002-0241
29 May 2002 — NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server. NDSAuth.DLL en Cisco Secure Authentication Control Server (ACS) 3.0.1 no comprueba el estado "caducado" o "deshabilitado" de los usuarios en el directorio de servicios Novell, lo cual permitiría a otros usuarios autentificarse en el servidor. • http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2002-0159
https://notcve.org/view.php?id=CVE-2002-0159
22 Apr 2002 — Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. Vulnerabilidad de formato de cadena en la función de administración de Cisco Secure Access Control Server (ACS) para Windows, 2.6.x y anteriores y 3.x a 3.01 (build 40), p... • http://marc.info/?l=bugtraq&m=101787248913611&w=2 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2002-0160
https://notcve.org/view.php?id=CVE-2002-0160
22 Apr 2002 — The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. La función de administración en Cisco Secure Access Control Control Server (ACS) para Windows, 2.6.x y anteriores, y 3.x a 3.01 (build 40), permite a atacantes remotos leer HTML, clases de Java y ficheros de imágenes fuera de la raíz del ... • http://marc.info/?l=bugtraq&m=101786689128667&w=2 •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 1CVE-2000-1054 – Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2000-1054
11 Dec 2000 — Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. • https://www.exploit-db.com/exploits/20235 •