Unrated severityNVD Advisory· Published Jun 26, 2006· Updated Jun 16, 2026

CVE-2006-3226

Description

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Cisco Systems, Inc./Secure Access Control Server3 versions
cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:windows:*:*:*:*:*
- cpe:2.3:a:cisco:secure_access_control_server:4.0:*:windows:*:*:*:*:*
- (no CPE)range: 4.x

Patches

Vulnerability mechanics

References

www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.htmlnvdVendor Advisory
secunia.com/advisories/20816nvd
securityreason.com/securityalert/1157nvd
securitytracker.com/idnvd
www.osvdb.org/26825nvd
www.securityfocus.com/archive/1/438161/100/0/threadednvd
www.securityfocus.com/archive/1/438258/100/0/threadednvd
www.securityfocus.com/bid/18621nvd
www.vupen.com/english/advisories/2006/2524nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27328nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000