VYPR

Secure Acs

by Cisco Systems, Inc.

CVEs (24)

  • CVE-2008-2441Sep 4, 2008
    risk 0.00cvss epss 0.03

    Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows…

  • CVE-2007-1800Apr 2, 2007
    risk 0.00cvss epss 0.01

    Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to…

  • CVE-2003-0210May 12, 2003
    risk 0.00cvss epss 0.06

    Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002.

  • CVE-2002-0241May 29, 2002
    risk 0.00cvss epss 0.02

    NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

Page 2 of 2