Vulnerabilities > Cisco > Secure Access Control Server

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2002-04-22 | CVE-2002-0159 | Use of Externally-Controlled Format String vulnerability in Cisco Secure Access Control Server | Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. | network, low complexity, cisco, CWE-134, 7.5 |
| 2000-12-11 | CVE-2000-1056 | Unspecified vulnerability in Cisco Secure Access Control Server 2.1/2.3(3)/2.4(2) | CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. | network, low complexity, cisco, 7.5 |
| 2000-12-11 | CVE-2000-1055 | Unspecified vulnerability in Cisco Secure Access Control Server 2.1/2.3(3)/2.4(2) | Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | network, low complexity, cisco, critical, 10.0 |
| 2000-12-11 | CVE-2000-1054 | Unspecified vulnerability in Cisco Secure Access Control Server 2.1/2.3(3)/2.4(2) | Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. | network, low complexity, cisco, critical, 10.0 |