Описание
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
Ссылки
- Vendor Advisory
- US Government Resource
- Vendor Advisory
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2\(1.20\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 95%
0.15801
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
EPSS
Процентиль: 95%
0.15801
Средний
10 Critical
CVSS2
Дефекты
NVD-CWE-Other