2.4(2)

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

critical

NVD

Published: 2000-12-11

Updated: 2017-10-10

Summary

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Secure Access Control Server 2.1 Cisco Secure Access Control Server 2.3\(3\) Cisco Secure Access Control Server 2.4\(2\)	3

References

http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
http://www.osvdb.org/1569
http://www.securityfocus.com/bid/1706
https://exchange.xforce.ibmcloud.com/vulnerabilities/5273