CVE-2004-1461

5 documents5 sources
Severity
7.5HIGH
EPSS
0.5%
top 33.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Access Control Server
Timeline
PublishedDec 31
Latest updateApr 29

Description

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.cisco.com ā†—Patch: www.cisco.com ā†—

šŸ”“Vulnerability Details

2
GHSA
GHSA-5224-x825-p35j: Cisco Secure Access Control Server (ACS) 3ā†—2022-04-29
ā–¶
CVEList
CVE-2004-1461: Cisco Secure Access Control Server (ACS) 3ā†—2005-02-13
ā–¶

šŸ’„Exploits & PoCs

1
Exploit-DB
Ethereal 0.10.10 - 'SIP' Protocol Dissector Remote Buffer Overflowā†—2005-05-31
ā–¶

šŸ“‹Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Secure Access Control Serverā†—2004-08-25
ā–¶
CVE-2004-1461 (HIGH CVSS 7.5) | Cisco Secure Access Control Server | cvebase.io