Secure Acs Solution Engine

CVEs (4)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2004-1099	Cisco Systems, Inc. Secure Access Control Server	—	0.02	Jan 10, 2005	Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
CVE-2004-1460	Cisco Systems, Inc. Secure Access Control Server	—	0.01	Dec 31, 2004	Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
CVE-2004-1461	Cisco Systems, Inc. Secure Access Control Server	—	0.01	Dec 31, 2004	Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
CVE-2004-1458	Cisco Systems, Inc. Secure Access Control Server	—	0.01	Dec 31, 2004	The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.

CVE-2004-1099Jan 10, 2005
Cisco Systems, Inc.
Secure Access Control Server
risk 0.00cvss —epss 0.02
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
CVE-2004-1460Dec 31, 2004
Cisco Systems, Inc.
Secure Access Control Server
risk 0.00cvss —epss 0.01
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
CVE-2004-1461Dec 31, 2004
Cisco Systems, Inc.
Secure Access Control Server
risk 0.00cvss —epss 0.01
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
CVE-2004-1458Dec 31, 2004
Cisco Systems, Inc.
Secure Access Control Server
risk 0.00cvss —epss 0.01
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.