Lucene search

MitreCVE-2004-1458

HistoryFeb 13, 2005 - 5:00 a.m.

CVE-2004-1458

2005-02-1305:00:00

mitre

web.nvd.nist.gov

cve-2004-1458

csadmin

web administration

cisco secure acs

denial of service

tcp connections

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.

Affected configurations

Nvd

Node

ciscosecure_access_control_serverMatch3.0

ciscosecure_access_control_serverMatch3.1

ciscosecure_access_control_serverMatch3.2

ciscosecure_access_control_serverMatch3.2windows_server

ciscosecure_access_control_serverMatch3.2\(1\)

ciscosecure_access_control_serverMatch3.2\(2\)

ciscosecure_access_control_serverMatch3.2\(3\)

ciscosecure_access_control_serverMatch3.3

ciscosecure_access_control_serverMatch3.3\(1\)

ciscosecure_acs_solution_engine

VendorProductVersionCPE
ciscosecure_access_control_server3.0cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
ciscosecure_access_control_server3.1cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*
ciscosecure_access_control_server3.2(1)cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(2)cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(3)cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.3cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*
ciscosecure_access_control_server3.3(1)cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):*:*:*:*:*:*:*
ciscosecure_acs_solution_engine*cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_server	3.0	cpe:2.3:a:cisco:secure_access_control_server:3.0:::::::*
cisco	secure_access_control_server	3.1	cpe:2.3:a:cisco:secure_access_control_server:3.1:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2::windows_server:::::
cisco	secure_access_control_server	3.2(1)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):::::::*
cisco	secure_access_control_server	3.2(2)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):::::::*
cisco	secure_access_control_server	3.2(3)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):::::::*
cisco	secure_access_control_server	3.3	cpe:2.3:a:cisco:secure_access_control_server:3.3:::::::*
cisco	secure_access_control_server	3.3(1)	cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):::::::*
cisco	secure_acs_solution_engine	*	cpe:2.3:a:cisco:secure_acs_solution_engine::::::::

References

osvdb.org/9182

secunia.com/advisories/12386/

www.ciac.org/ciac/bulletins/o-203.shtml

www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

www.securityfocus.com/bid/11047

exchange.xforce.ibmcloud.com/vulnerabilities/17114

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.7

Confidence

High

EPSS

0.011

Percentile

84.3%

JSON

Related for CVE-2004-1458