Lucene search

[email protected]NVD:CVE-2004-1460

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1460

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.

Affected configurations

Nvd

Node

ciscosecure_access_control_serverMatch3.0

ciscosecure_access_control_serverMatch3.1

ciscosecure_access_control_serverMatch3.2

ciscosecure_access_control_serverMatch3.2windows_server

ciscosecure_access_control_serverMatch3.2\(1\)

ciscosecure_access_control_serverMatch3.2\(2\)

ciscosecure_access_control_serverMatch3.2\(3\)

ciscosecure_access_control_serverMatch3.3

ciscosecure_access_control_serverMatch3.3\(1\)

ciscosecure_acs_solution_engine

VendorProductVersionCPE
ciscosecure_access_control_server3.0cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
ciscosecure_access_control_server3.1cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*
ciscosecure_access_control_server3.2cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*
ciscosecure_access_control_server3.2(1)cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(2)cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.2(3)cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):*:*:*:*:*:*:*
ciscosecure_access_control_server3.3cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*
ciscosecure_access_control_server3.3(1)cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):*:*:*:*:*:*:*
ciscosecure_acs_solution_engine*cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	secure_access_control_server	3.0	cpe:2.3:a:cisco:secure_access_control_server:3.0:::::::*
cisco	secure_access_control_server	3.1	cpe:2.3:a:cisco:secure_access_control_server:3.1:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2:::::::*
cisco	secure_access_control_server	3.2	cpe:2.3:a:cisco:secure_access_control_server:3.2::windows_server:::::
cisco	secure_access_control_server	3.2(1)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):::::::*
cisco	secure_access_control_server	3.2(2)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):::::::*
cisco	secure_access_control_server	3.2(3)	cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):::::::*
cisco	secure_access_control_server	3.3	cpe:2.3:a:cisco:secure_access_control_server:3.3:::::::*
cisco	secure_access_control_server	3.3(1)	cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):::::::*
cisco	secure_acs_solution_engine	*	cpe:2.3:a:cisco:secure_acs_solution_engine::::::::

References

www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

www.securityfocus.com/bid/11047

exchange.xforce.ibmcloud.com/vulnerabilities/17117

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Related for NVD:CVE-2004-1460

cve1 cvelist1 cisco1