Cisco Secure Access Control Server — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Secure Access Control Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (34)
CVE-2004-1099 — CVSS 10.0 (critical): Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine)…
CVE-2006-4098 — CVSS 10.0 (critical): Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution…
CVE-2000-1054 — CVSS 10.0 (critical): Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and…
CVE-2000-1055 — CVSS 10.0 (critical): Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute…
CVE-2013-3466 — CVSS 9.3 (critical): The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration…
CVE-2006-4097 — CVSS 7.8 (high): Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS…
CVE-2004-1460 — CVSS 7.5 (high): Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and…
CVE-2004-1461 — CVSS 7.5 (high): Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user…
CVE-2005-4499 — CVSS 7.5 (high): The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control…
CVE-2006-3226 — CVSS 7.5 (high): Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an…
CVE-2000-1056 — CVSS 7.5 (high): CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows…
CVE-2002-0159 — CVSS 7.5 (high): Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and…
CVE-2002-0241 — CVSS 7.5 (high): NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell…
CVE-2002-0938 — CVSS 7.5 (high): Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users…
CVE-2003-0210 — CVSS 7.5 (high): Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of…
CVE-2007-0105 — CVSS 7.5 (high): Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution…
CVE-2008-2441 — CVSS 7.5 (high): Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch…
CVE-2006-0561 — CVSS 7.2 (high): Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with…
CVE-2011-3293 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow…
CVE-2015-6345 — CVSS 6.5 (medium): SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users…
CVE-2005-0356 — CVSS 5.0 (medium): Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote…
CVE-2004-1458 — CVSS 5.0 (medium): The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a…
CVE-2002-1095 — CVSS 5.0 (medium): Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a…
CVE-2012-5424 — CVSS 5.0 (medium): Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+…
CVE-2002-0160 — CVSS 5.0 (medium): The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40)…
CVE-2015-0746 — CVSS 5.0 (medium): The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending…
CVE-2015-0729 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to…
CVE-2006-3101 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web…
CVE-2015-6349 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15)…
CVE-2015-6346 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary…
CVE-2011-3317 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote…
CVE-2015-6300 — CVSS 4.0 (medium): Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH…
CVE-2015-6348 — CVSS 4.0 (medium): The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote…
CVE-2015-6347 — CVSS 4.0 (medium): The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC…