CVE-2013-3466
 
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
El módulo de autenticación EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuración de servidor RADIUS está habilitada, no analiza correctamente las identidades de usuario, lo que permite a atacantes remotos ejecutar código arbitrario a través de paquetes manipulados EAP-FAST, también conocido como Bug ID CSCui57636.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-05-06 CVE Reserved
- 2013-08-29 CVE Published
- 2024-07-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://osvdb.org/96668 | Vdb Entry | |
http://www.securitytracker.com/id/1028958 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs | 2016-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | <= 4.2.1.15.10 Search vendor "Cisco" for product "Secure Access Control Server" and version " <= 4.2.1.15.10" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.0 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.0" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.1 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.1" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.2 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.3 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.3" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.4 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.4" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.6 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.6" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.7 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.7" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.8 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.8" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Secure Access Control Server Search vendor "Cisco" for product "Secure Access Control Server" | 4.2.1.15.9 Search vendor "Cisco" for product "Secure Access Control Server" and version "4.2.1.15.9" | - |
Affected
|