11 results (0.005 seconds)

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636. El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidades de usuario, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes manipulados EAP-FAST, también conocido como Bug ID CSCui57636. • http://osvdb.org/96668 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs http://www.securitytracker.com/id/1028958 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 10%CPEs: 1EXPL: 0

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. Desbordamiento de búfer basado en pila en el servicio CSAdmin de Cisco Secure Access Control Server (ACS) para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante una petición HTTP GET manipulada. • http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/744249 http://www.osvdb.org/32642 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31323 •

CVSS: 10.0EPSS: 18%CPEs: 15EXPL: 0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. Desbordamiento de búfer basado en pila en el servicio CSRadius de Cisco Secure Access Control Server (ACS)para Windows anterior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos ejecutar código de su elección mediante un paquete de petición de tarificación RADIUS (RADIUS Accounting-Request) manipulado. • http://osvdb.org/36126 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/477164 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31327 •

CVSS: 7.8EPSS: 2%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. Múltiples vulnerabilidades no especificadas en el servicio CSRadius de Cisco Secure Access Control Server (ACS) para Windows anetrior a 4.1 y ACS Solution Engine anterior a 4.1 permite a atacantes remotos provocar una denegación de servicio (caída) mediante un paquete de solicitud de acceso RADIUS (RADIUS Access-Request) manipulado. • http://osvdb.org/36125 http://secunia.com/advisories/23629 http://securitytracker.com/id?1017475 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml http://www.kb.cert.org/vuls/id/443108 http://www.securityfocus.com/bid/21900 http://www.vupen.com/english/advisories/2007/0068 https://exchange.xforce.ibmcloud.com/vulnerabilities/31334 •

CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. • http://securitytracker.com/id?1016042 http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml http://www.osvdb.org/25892 http://www.securityfocus.com/archive/1/433286/100/0/threaded http://www.securityfocus.com/archive/1/433301/100/0/threaded http://www.securityfocus.com/bid/16743 http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt http://www.vupen.com/english/advisories/2006/1741 https://exchange.xforce.ibmcloud.com/vulnerabilities/26307 •