7.5

CVE-2006-3226

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Access Control Server Version4.0 Editionwindows
CiscoSecure Access Control Server Version4.0.1 Editionwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.34% 0.814
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20816
http://securityreason.com/securityalert/1157
http://securitytracker.com/id?1016369
http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_response09186a00806c68f9.html
Vendor Advisory
http://www.osvdb.org/26825
http://www.securityfocus.com/archive/1/438161/100/0/threaded
http://www.securityfocus.com/archive/1/438258/100/0/threaded
http://www.securityfocus.com/bid/18621
http://www.vupen.com/english/advisories/2006/2524
https://exchange.xforce.ibmcloud.com/vulnerabilities/27328