Secure Access Control Server
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0160 | 0.00 | — | 0.02 | Apr 22, 2002 | The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. | |||
| CVE-2000-1056 | 0.00 | — | 0.02 | Dec 11, 2000 | CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. | |||
| CVE-2000-1055 | 0.00 | — | 0.04 | Dec 11, 2000 | Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. | |||
| CVE-1999-0734 | 0.00 | — | 0.01 | Aug 19, 1999 | A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication. |
- CVE-2002-0160Apr 22, 2002risk 0.00cvss —epss 0.02
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
- CVE-2000-1056Dec 11, 2000risk 0.00cvss —epss 0.02
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
- CVE-2000-1055Dec 11, 2000risk 0.00cvss —epss 0.04
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
- CVE-1999-0734Aug 19, 1999risk 0.00cvss —epss 0.01
A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.
Page 3 of 3