7.8

CVE-2006-4097

EPSS 1.83%
Veröffentlicht 31.12.2006 05:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.  NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Secure Access Control Server Version <= 4.0

Cisco ≫ Secure Access Control Server Version4.1 Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.83%	0.822

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

http://osvdb.org/36125

http://secunia.com/advisories/23629

Vendor Advisory

http://securitytracker.com/id?1017475

http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/443108

US Government Resource

http://www.securityfocus.com/bid/21900

http://www.vupen.com/english/advisories/2007/0068

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

https://nvd.nist.gov/vuln/detail/CVE-2006-4097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4097

EUVD