7.2

CVE-2006-0561

Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Access Control Server Version3.0 Editionwindows_nt
CiscoSecure Access Control Server Version3.0.1 Editionwindows_nt
CiscoSecure Access Control Server Version3.0.3 Editionwindows_nt
CiscoSecure Access Control Server Version3.1 Editionwindows_nt
CiscoSecure Access Control Server Version3.1.1 Editionwindows_nt
CiscoSecure Access Control Server Version3.2 Editionwindows_nt
CiscoSecure Access Control Server Version3.2 Editionwindows_server
CiscoSecure Access Control Server Version3.3 Editionwindows_nt
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.277
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securitytracker.com/id?1016042
Patch
http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml
Patch
http://www.osvdb.org/25892
http://www.securityfocus.com/archive/1/433286/100/0/threaded
Vendor Advisory
http://www.securityfocus.com/archive/1/433301/100/0/threaded
Patch
Vendor Advisory
http://www.securityfocus.com/bid/16743
Patch
http://www.symantec.com/enterprise/research/SYMSA-2006-003.txt
Patch
Vendor Advisory
http://www.vupen.com/english/advisories/2006/1741
https://exchange.xforce.ibmcloud.com/vulnerabilities/26307