Vulnerabilities > Cisco > Secure Access Control Server > 2.3

DATE CVE VULNERABILITY TITLE RISK
2013-08-29 CVE-2013-3466 Improper Authentication vulnerability in Cisco Secure Access Control Server
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
network
cisco CWE-287
critical
9.3
2007-01-09 CVE-2007-0105 Remote vulnerability in Cisco Secure Access Control Server
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
network
low complexity
cisco
7.5
2006-12-31 CVE-2006-4097 Remote vulnerability in Cisco Secure Access Control Server
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.
network
low complexity
cisco
7.8
2006-06-21 CVE-2006-3101 Cross-Site Scripting vulnerability in Cisco Secure Access Control Server 2.3
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
network
cisco
4.3
2005-05-31 CVE-2005-0356 Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
5.0
2003-05-12 CVE-2003-0210 Unspecified vulnerability in Cisco Secure Access Control Server
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
network
low complexity
cisco
7.5