CVE-2006-4097

CWE-399 | 5 documents | 5 sources
Severity: 7.8 HIGH
EPSS: 1.8% (top 17.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 31
Latest update: May 1

Description

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages (1 package)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-7j4m-73mf-j53v: Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4 (2022-05-01)
CVEList: CVE-2006-4097: Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4 (2007-01-08)

💥 Exploits & PoCs (1)

Exploit-DB: Computer Associates Unicenter 6.0 - Remote Control DM Primer Remote Denial of Service (2006-01-17)

📋 Vendor Advisories (1)

Cisco: Cisco Secure Access Control Server Access-Request Handling Denial of Service Vulnerability (2007-01-05)