Cisco Secure vulnerabilities
39 known vulnerabilities affecting cisco/secure.
Total CVEs: 39
CISA KEV: 1 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: UNKNOWN 39
Vulnerabilities
Page 1 of 2
CVE-2018-0207 | UNKNOWN | CVSS 3.0
CVE-2018-0207: Cisco Secure Access Control Server XML External Entity Injection Vulnerability
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An a
cisco
CVE-2008-0532 | UNKNOWN | PoC
CVE-2008-0532: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application and reported to Cisco by Felix 'FX' Lindner, Recurity Labs GmbH. The first set of vulnerabilities address several buffer overflow conditions in the
cisco
CVE-2004-1461 | UNKNOWN
CVE-2004-1461: Multiple Vulnerabilities in Cisco Secure Access Control Server
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and a
cisco
CVE-2015-6346 | UNKNOWN
CVE-2015-6346: Cisco Secure Access Control Server Dom-Based Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)-based, environment or client side, cross-site scripting (XSS) attack. The vulnerability is due to a lack
cisco
CVE-2015-0580 | UNKNOWN
CVE-2015-0580: Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure Access Control System (ACS) prior to version 5.5 patch 8 is vulnerable to a SQL injection attack in the ACS View reporting interface pages. A successful attack could allow an authenticated, remote attacker to access and modify information such as RADIUS accounting records stored in one of the ACS View databases or to access inform
cisco
CVE-2013-3466 | UNKNOWN
CVE-2013-3466: Cisco Secure Access Control Server Remote Command Execution Vulnerability
A vulnerability in the EAP-FAST authentication module of Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15 could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Secure ACS server. This vulnerability is only present when Cisco Secure ACS is configured as a RADIUS se
cisco
CVE-2023-20240 | UNKNOWN | CVSS 3.1
CVE-2023-20240: Cisco Secure Client Software Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these
cisco
CVE-2014-0650 | UNKNOWN
CVE-2014-0650: Multiple Vulnerabilities in Cisco Secure Access Control System
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: Cisco Secure ACS RMI Privilege Escalation Vulnerability; Cisco Secure ACS RMI Unauthenticated User Access Vulnerability; Cisco Secure ACS Operating System Command Injection Vulnerability. Cisco Secure ACS uses the Remote Method Invocation (RMI) interface for in
cisco
CVE-2015-6348 | UNKNOWN
CVE-2015-6348: Cisco Secure Access Control Server Role-Based Access Control Weak Protection Vulnerability
A vulnerability in the role-based access control (RBAC) implementation of the Cisco Secure Access Control Server (ACS) could allow an authenticated, remote attacker to view system administrator reports and status. The vulnerability is due to improper RBAC validation when a user accesses t
cisco
CVE-2017-12354 | UNKNOWN | CVSS 3.0
CVE-2017-12354: Cisco Secure Access Control System Information Disclosure Vulnerability
A vulnerability in the web-based interface of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version information when the softwar
cisco
CVE-2015-6345 | UNKNOWN
CVE-2015-6345: Cisco Secure Access Control Server SQL Injection Vulnerability
A vulnerability in the Cisco Secure Access Control Server (ACS) interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by
cisco
CVE-2024-20474 | UNKNOWN | CVSS 3.1
CVE-2024-20474: Cisco Secure Client Software Denial of Service Vulnerability
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco Secure Client. This vulnerability is due to an integer underflow condition. An attacker could exploit this vulnerability by sending a crafted IKEv2 packe
cisco
CVE-2023-20241 | UNKNOWN | CVSS 3.1
CVE-2023-20241: Cisco Secure Client Software Denial of Service Vulnerabilities
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. These vulnerabilities are due to an out-of-bounds memory read from Cisco Secure Client Software. An attacker could exploit these
cisco
CVE-2025-20206 | UNKNOWN | CVSS 3.1
CVE-2025-20206: Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability
A vulnerability in the interprocess communication (IPC) channel of Cisco Secure Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the Secure Firewall Posture Engine, formerly HostScan, is installed on Cis
cisco
CVE-2008-0533 | UNKNOWN | PoC
CVE-2008-0533: Cisco Secure Access Control Server for Windows User-Changeable Password Vulnerabilities
Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application and reported to Cisco by Felix 'FX' Lindner, Recurity Labs GmbH. The first set of vulnerabilities address several buffer overflow conditions in the
cisco
CVE-2012-5424 | UNKNOWN
CVE-2012-5424: Cisco Secure Access Control System TACACS+ Authentication Bypass Vulnerability
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication p
cisco
CVE-2004-1460 | UNKNOWN
CVE-2004-1460: Multiple Vulnerabilities in Cisco Secure Access Control Server
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and a
cisco
CVE-2004-1459 | UNKNOWN
CVE-2004-1459: Multiple Vulnerabilities in Cisco Secure Access Control Server
Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) provide authentication, authorization, and accounting (AAA) services to network devices such as a network access server, Cisco PIX and a router. This advisory documents multiple Denial of Service (DoS) and a
cisco
CVE-2017-3840 | UNKNOWN | CVSS 3.0
CVE-2017-3840: Cisco Secure Access Control System Open Redirect Vulnerability
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request th
cisco
CVE-2018-0253 | UNKNOWN | CVSS 3.0
CVE-2018-0253: Cisco Secure Access Control System Remote Code Execution Vulnerability
A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation
cisco