CVE-2004-1461
published 2004-12-31CVE-2004-1461: Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | secure | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |
| cisco | secure_access_control_server | — | — |