CVE-2004-1459
Description
Cisco ACS 3.2 LEAP proxy vulnerable to denial of service via crafted LEAP authentication requests.
AI Insight
Vulnerability
Cisco Secure Access Control Server (ACS) version 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, is vulnerable to a denial of service (device crash) triggered by specially crafted LEAP authentication requests [1]. The vulnerability exists in the LEAP proxy handling code and does not require any special configuration beyond enabling the LEAP proxy feature.
Exploitation
An unauthenticated remote attacker can send a sequence of crafted LEAP authentication requests to the vulnerable ACS server. The attacker does not need prior network access or authentication; the attack can be conducted over the network from any location that can reach the ACS server [1].
Impact
Successful exploitation causes the Cisco ACS device to crash, resulting in a denial of service. The crash disrupts all authentication services provided by the ACS, potentially affecting network access for legitimate users [1].
Mitigation
Cisco has released a security advisory addressing this vulnerability [1]. Users should upgrade to a fixed version of Cisco ACS as recommended in the advisory. No workaround is available. The vulnerability is not known to be listed in the CISA KEV catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 3.2
Patches
No patches discovered yet.
References