Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-1054

4 documents, 4 sources
Severity: 10.0 CRITICAL
EPSS: 8.4% (top 7.66%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Dec 11; latest update Apr 30

Description

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: cisco/secure_access_control_server 2.1, 2.3(3), 2.4(2) +2

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-rhhg-gcgg-238f: Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2 (2022-04-30)
CVEList
CVE-2000-1054: Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2 (2001-01-22)

💥 Exploits & PoCs (1)

Exploit-DB
Cisco Secure ACS for Windows NT 2.42 - Remote Buffer Overflow (2000-09-21)