Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cisco Subscribe
Filtered by product Secure Acs Solution Engine
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1099 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2018-10-30 10.0 HIGH N/A
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.
CVE-2004-1458 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2018-10-30 5.0 MEDIUM N/A
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
CVE-2004-1459 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2017-07-10 5.0 MEDIUM N/A
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.
CVE-2004-1460 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2017-07-10 7.5 HIGH N/A
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.
CVE-2004-1461 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2017-07-10 7.5 HIGH N/A
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.