CVE-2004-1460

4 documents4 sources
Severity
7.5HIGH
EPSS
0.7%
top 27.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control Server
Timeline
PublishedDec 31
Latest updateApr 29

Description

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-x676-wgv5-xjjq: Cisco Secure Access Control Server (ACS) 32022-04-29
CVEList
CVE-2004-1460: Cisco Secure Access Control Server (ACS) 32005-02-13

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control Server2004-08-25
CVE-2004-1460 (HIGH CVSS 7.5) | Cisco Secure Access Control Server | cvebase.io