Lucene search

MitreCVE-2004-1460

HistoryFeb 13, 2005 - 5:00 a.m.

CVE-2004-1460

2005-02-1305:00:00

mitre

web.nvd.nist.gov

cisco

secure access control server

acs

vulnerability

unauthorized access

blank password

nds

novell directory services

cve-2004-1460

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.

Affected configurations

Nvd

Node

ciscosecure_access_control_serverMatch3.0

ciscosecure_access_control_serverMatch3.1

ciscosecure_access_control_serverMatch3.2

ciscosecure_access_control_serverMatch3.2windows_server

ciscosecure_access_control_serverMatch3.2\(1\)

ciscosecure_access_control_serverMatch3.2\(2\)

ciscosecure_access_control_serverMatch3.2\(3\)

ciscosecure_access_control_serverMatch3.3

ciscosecure_access_control_serverMatch3.3\(1\)

ciscosecure_acs_solution_engine

VendorProductVersionCPE
ciscosecure_access_control_server3.0cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
ciscosecure_access_control_server3.1cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*
ciscosecure_access_control_server3.2(1)cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(2)cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(3)cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.3cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*
ciscosecure_access_control_server3.3(1)cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):*:*:*:*:*:*:*
ciscosecure_acs_solution_engine*cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_server	3.0	cpe:2.3:a:cisco:secure_access_control_server:3.0:::::::*
cisco	secure_access_control_server	3.1	cpe:2.3:a:cisco:secure_access_control_server:3.1:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2::windows_server:::::
cisco	secure_access_control_server	3.2(1)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):::::::*
cisco	secure_access_control_server	3.2(2)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):::::::*
cisco	secure_access_control_server	3.2(3)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):::::::*
cisco	secure_access_control_server	3.3	cpe:2.3:a:cisco:secure_access_control_server:3.3:::::::*
cisco	secure_access_control_server	3.3(1)	cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):::::::*
cisco	secure_acs_solution_engine	*	cpe:2.3:a:cisco:secure_acs_solution_engine::::::::

References

www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

www.securityfocus.com/bid/11047

exchange.xforce.ibmcloud.com/vulnerabilities/17117

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Related for CVE-2004-1460