Lucene search
MitreCVE-2004-1461HistoryFeb 13, 2005 - 5:00 a.m.
CVE-2004-1461
2005-02-1305:00:00
mitre
web.nvd.nist.gov
24
cisco
secure access control server
acs
authentication bypass
remote attackers
vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
73.2%
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
Affected configurations
Node
ciscosecure_access_control_serverMatch3.0
ORciscosecure_access_control_serverMatch3.1
ORciscosecure_access_control_serverMatch3.2
ORciscosecure_access_control_serverMatch3.2windows_server
ORciscosecure_access_control_serverMatch3.2\(1\)
ORciscosecure_access_control_serverMatch3.2\(2\)
ORciscosecure_access_control_serverMatch3.2\(3\)
ORciscosecure_access_control_serverMatch3.3
ORciscosecure_access_control_serverMatch3.3\(1\)
ORciscosecure_acs_solution_engine
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | secure_access_control_server | 3.0 | cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.1 | cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.2 | cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.2 | cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:* |
| cisco | secure_access_control_server | 3.2(1) | cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.2(2) | cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.2(3) | cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.3 | cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 3.3(1) | cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):*:*:*:*:*:*:* |
| cisco | secure_acs_solution_engine | * | cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2004-1461
2005-02-13 05:00:00
nvd
nvd
CVE-2004-1461
2004-12-31 05:00:00
cisco
cisco
Multiple Vulnerabilities in Cisco Secure Access Control Server
2004-08-25 16:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
73.2%
Related for CVE-2004-1461