CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
89.6%
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_server | * | cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.1 | cpe:2.3:a:cisco:secure_access_control_server:4.1:*:windows:*:*:*:*:* |