CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2004-1099

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.107

EPSS Ranking 93.0%

CVSS Severity

CVSS v2 Score 10.0

References

http://www.ciac.org/ciac/bulletins/p-028.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml
http://www.securityfocus.com/bid/11577
https://exchange.xforce.ibmcloud.com/vulnerabilities/17936
http://www.ciac.org/ciac/bulletins/p-028.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml
http://www.securityfocus.com/bid/11577
https://exchange.xforce.ibmcloud.com/vulnerabilities/17936

Products affected by CVE-2004-1099

Cisco » Secure Access Control Server » Version: 3.3(1)

cpe:2.3:a:cisco:secure_access_control_server:3.3(1)
Cisco » Secure Access Control Server » Version: 3.3.1

cpe:2.3:a:cisco:secure_access_control_server:3.3.1
Cisco » Secure Acs Solution Engine » Version: N/A

cpe:2.3:a:cisco:secure_acs_solution_engine:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-1099

Products

Pricing

Contact Us