Lucene search
CiscoCVE-2013-3466HistoryAug 29, 2013 - 12:07 p.m.
CVE-2013-3466
2013-08-2912:07:53
CWE-287
cisco
web.nvd.nist.gov
26
cve-2013-3466
cisco
secure access control server
acs
radius
eap-fast
authentication
remote attack
arbitrary commands
vulnerability
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8
Confidence
Low
EPSS
0.004
Percentile
72.3%
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Affected configurations
Node
ciscosecure_access_control_serverRange≤4.2.1.15.10
ORciscosecure_access_control_serverMatch4.2.1.15.0
ORciscosecure_access_control_serverMatch4.2.1.15.1
ORciscosecure_access_control_serverMatch4.2.1.15.2
ORciscosecure_access_control_serverMatch4.2.1.15.3
ORciscosecure_access_control_serverMatch4.2.1.15.4
ORciscosecure_access_control_serverMatch4.2.1.15.6
ORciscosecure_access_control_serverMatch4.2.1.15.7
ORciscosecure_access_control_serverMatch4.2.1.15.8
ORciscosecure_access_control_serverMatch4.2.1.15.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | secure_access_control_server | * | cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.0 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.1 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.2 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.3 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.4 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.6 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.7 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.8 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:* |
| cisco | secure_access_control_server | 4.2.1.15.9 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:* |
Related
thn
thn
CISCO vulnerability allows remote attacker to take control of Windows system
2013-08-30 17:30:00
CISCO vulnerability allows remote attacker to take control of Windows system
2013-08-30 06:30:00
prion
prion
Design/Logic Flaw
2013-08-29 12:07:00
nvd
nvd
CVE-2013-3466
2013-08-29 12:07:53
cvelist
cvelist
CVE-2013-3466
2013-08-29 10:00:00
nessus
nessus
Cisco Secure Access Control Server for Windows Remote Code Execution
2013-09-17 00:00:00
cisco
cisco
Cisco Secure Access Control Server Remote Command Execution Vulnerability
2013-08-28 16:00:00
securityvulns
securityvulns
Cisco Secure Access Control Server authentication bypass
2013-10-09 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8
Confidence
Low
EPSS
0.004
Percentile
72.3%
Related for CVE-2013-3466