CVE-2006-0561

3 documents3 sources

Severity

7.2HIGH

EPSS

0.0%

top 84.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Secure Access Control Server

Timeline

PublishedMay 10

Latest updateMay 1

Description

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/secure_access_control_server7 versions+6

Patches

Patch: securitytracker.com ↗Patch: www.cisco.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-976g-q969-v28j: Cisco Secure Access Control Server (ACS) 3↗2022-05-01

▶

CVEList

CVE-2006-0561: Cisco Secure Access Control Server (ACS) 3↗2006-05-09

▶