7.8

CVE-2006-4097

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.  NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Access Control Server Version4.1 Editionwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.12% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://osvdb.org/36125
http://secunia.com/advisories/23629
Vendor Advisory
http://securitytracker.com/id?1017475
http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/443108
US Government Resource
http://www.securityfocus.com/bid/21900
http://www.vupen.com/english/advisories/2007/0068
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31334