CVE-2006-4097

Sažetak

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Reference

http://osvdb.org/36125
http://secunia.com/advisories/23629
http://securitytracker.com/id?1017475
http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
http://www.kb.cert.org/vuls/id/443108
http://www.securityfocus.com/bid/21900
http://www.vupen.com/english/advisories/2007/0068
https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:25

Objavljeno

31-12-2006 - 05:00