Cisco: >> Secure Access Control Server >> 3.0 Security Vulnerabilities
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-12-31
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
CVSS Score
7.5
EPSS Score
0.023
Published
2003-05-12
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
CVSS Score
7.5
EPSS Score
0.031
Published
2002-10-04
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
CVSS Score
7.5
EPSS Score
0.023
Published
2002-04-22
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
CVSS Score
5.0
EPSS Score
0.006
Published
2002-04-22
Page 2