Secure Access Control Server
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-0414 | Med | 0.37 | 5.7 | 0.02 | Oct 5, 2018 | A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an… | ||
| CVE-2018-0218 | Low | 0.22 | 3.3 | 0.02 | Mar 8, 2018 | A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML… | ||
| CVE-2018-0207 | Low | 0.22 | 3.3 | 0.02 | Mar 8, 2018 | A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML… | ||
| CVE-2005-0356 | 0.10 | — | 0.83 | May 31, 2005 | Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later… | |||
| CVE-2008-0532 | 0.08 | — | 0.57 | Mar 14, 2008 | Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after… | |||
| CVE-2006-3101 | 0.05 | — | 0.24 | Jun 21, 2006 | Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters. | |||
| CVE-2000-1054 | 0.04 | — | 0.08 | Dec 11, 2000 | Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. | |||
| CVE-2002-0938 | 0.03 | — | 0.03 | Oct 4, 2002 | Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe. | |||
| CVE-2007-0105 | 0.01 | — | 0.11 | Jan 9, 2007 | Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | |||
| CVE-2006-4098 | 0.01 | — | 0.13 | Dec 31, 2006 | Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | |||
| CVE-2004-1099 | 0.01 | — | 0.10 | Jan 10, 2005 | Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to… | |||
| CVE-2015-6349 | 0.00 | — | 0.01 | Oct 30, 2015 | Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-6348 | 0.00 | — | 0.01 | Oct 30, 2015 | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | |||
| CVE-2015-6347 | 0.00 | — | 0.01 | Oct 30, 2015 | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | |||
| CVE-2015-6346 | 0.00 | — | 0.01 | Oct 30, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-6345 | 0.00 | — | 0.01 | Oct 30, 2015 | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | |||
| CVE-2015-6300 | 0.00 | — | 0.02 | Sep 20, 2015 | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | |||
| CVE-2015-0746 | 0.00 | — | 0.01 | May 22, 2015 | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | |||
| CVE-2015-0729 | 0.00 | — | 0.01 | May 16, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005. | |||
| CVE-2015-0728 | 0.00 | — | 0.02 | May 15, 2015 | Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. |
- risk 0.37cvss 5.7epss 0.02
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an…
- risk 0.22cvss 3.3epss 0.02
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML…
- risk 0.22cvss 3.3epss 0.02
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML…
- CVE-2005-0356May 31, 2005risk 0.10cvss —epss 0.83
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later…
- CVE-2008-0532Mar 14, 2008risk 0.08cvss —epss 0.57
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after…
- CVE-2006-3101Jun 21, 2006risk 0.05cvss —epss 0.24
Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
- CVE-2000-1054Dec 11, 2000risk 0.04cvss —epss 0.08
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
- CVE-2002-0938Oct 4, 2002risk 0.03cvss —epss 0.03
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
- CVE-2007-0105Jan 9, 2007risk 0.01cvss —epss 0.11
Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
- CVE-2006-4098Dec 31, 2006risk 0.01cvss —epss 0.13
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
- CVE-2004-1099Jan 10, 2005risk 0.01cvss —epss 0.10
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to…
- CVE-2015-6349Oct 30, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2015-6348Oct 30, 2015risk 0.00cvss —epss 0.01
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
- CVE-2015-6347Oct 30, 2015risk 0.00cvss —epss 0.01
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
- CVE-2015-6346Oct 30, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2015-6345Oct 30, 2015risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
- CVE-2015-6300Sep 20, 2015risk 0.00cvss —epss 0.02
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694.
- CVE-2015-0746May 22, 2015risk 0.00cvss —epss 0.01
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.
- CVE-2015-0729May 16, 2015risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.
- CVE-2015-0728May 15, 2015risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002.
Page 1 of 3