Описание
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Ссылки
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.1.15.10 (включая)
Одно из
cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00722
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
EPSS
Процентиль: 72%
0.00722
Низкий
9.3 Critical
CVSS2
Дефекты
CWE-287