Vulnerabilities > Cisco > Secure Access Control Server > 3.0.1

DATE CVE VULNERABILITY TITLE RISK
2013-08-29 CVE-2013-3466 Improper Authentication vulnerability in Cisco Secure Access Control Server
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
network | cisco CWE-287 | critical | 9.3
2007-01-09 CVE-2007-0105 Remote vulnerability in Cisco Secure Access Control Server
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
network | low complexity | cisco | 7.5
2006-12-31 CVE-2006-4097 Remote vulnerability in Cisco Secure Access Control Server
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.
network | low complexity | cisco | 7.8
2006-05-10 CVE-2006-0561 Unspecified vulnerability in Cisco Secure Access Control Server
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
local | low complexity | cisco | 7.2
2005-05-31 CVE-2005-0356 Remote Denial Of Service vulnerability in Multiple Vendor TCP Timestamp PAWS
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
5.0
2003-05-12 CVE-2003-0210 Unspecified vulnerability in Cisco Secure Access Control Server
Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.
network | low complexity | cisco | 7.5
2002-10-04 CVE-2002-0938 Cross-Site Scripting vulnerability in Cisco Secure ACS
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
network | low complexity | cisco | 7.5
2002-05-29 CVE-2002-0241 Authentication vulnerability in Cisco Secure Access Control Server 3.0.1
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
network | low complexity | cisco | 7.5
2002-04-22 CVE-2002-0160 Unspecified vulnerability in Cisco Secure Access Control Server
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\..
network | low complexity | cisco | 5.0
2002-04-22 CVE-2002-0159 Use of Externally-Controlled Format String vulnerability in Cisco Secure Access Control Server
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
network | low complexity | cisco CWE-134 | 7.5