CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
72.3%
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | secure_access_control_server | * | cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.0 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.1 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.2 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.3 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.4 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.6 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.7 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.8 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:* |
cisco | secure_access_control_server | 4.2.1.15.9 | cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:* |