23 results (0.024 seconds)

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidades de usuario, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes manipulados EAP-FAST, también conocido como Bug ID CSCui57636. • http://osvdb.org/96668 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs http://www.securitytracker.com/id/1028958 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Desbordamiento de búfer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante una petición HTTP GET manipulada. • http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/744249 http://www.osvdb.org/32642 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31323 •

CVSS: 10.0EPSS: 18%CPEs: 15EXPL: 0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. Desbordamiento de búfer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante un paquete de petición de tarificación RADIUS (RADIUS Accounting-Request) manipulado. • http://osvdb.org/36126 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/477164 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31327 •

CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. Múltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Windows anetrior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante un paquete de solicitud de acceso RADIUS (RADIUS Access-Request) manipulado. • http://osvdb.org/36125 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/443108 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31334 •

CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." Cisco Secure Access Control Server (ACS) v4.x para Windows usa la dirección IP de cliente y el número de puerto del servidor para otorgar acceso al puerto HTTP server para una sesión de administración, lo que permite a atacantes remoso superar la autenticación a través de varios métodos, conocido como "ACS Weak Session Management Vulnerability." • http://secunia.com/advisories/20816 http://securityreason.com/securityalert/1157 http://securitytracker.com/id?1016369 http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html http://www.osvdb.org/26825 http://www.securityfocus.com/archive/1/438161/100/0/threaded http://www.securityfocus.com/archive/1/438258/100/0/threaded http://www.securityfocus.com/bid/18621 http://www.vupen.com/english/advisories/2006/2524 https://exchange.xforc •