CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2008-2441
https://notcve.org/view.php?id=CVE-2008-2441
04 Sep 2008 — Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribut... • http://secunia.com/advisories/31731 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1461
https://notcve.org/view.php?id=CVE-2004-1461
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2004-1458
https://notcve.org/view.php?id=CVE-2004-1458
31 Dec 2004 — The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. • http://osvdb.org/9182 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2004-1459
https://notcve.org/view.php?id=CVE-2004-1459
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2004-1460
https://notcve.org/view.php?id=CVE-2004-1460
31 Dec 2004 — Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. • http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml •
CVSS: 10.0EPSS: 10%CPEs: 3EXPL: 0CVE-2004-1099
https://notcve.org/view.php?id=CVE-2004-1099
01 Dec 2004 — Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. Cisco Secure Access Control Server para Windows (ACS Windows) y Cisco Secure Access Control Server ... • http://www.ciac.org/ciac/bulletins/p-028.shtml •