7.8

CVE-2006-4097

EPSS 1.83%
Published 31.12.2006 05:00:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet.  NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Secure Access Control Server Version <= 4.0

Cisco ≫ Secure Access Control Server Version4.1 Editionwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.83%	0.822

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

http://osvdb.org/36125

http://secunia.com/advisories/23629

Vendor Advisory

http://securitytracker.com/id?1017475

http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/443108

US Government Resource

http://www.securityfocus.com/bid/21900

http://www.vupen.com/english/advisories/2007/0068

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

https://nvd.nist.gov/vuln/detail/CVE-2006-4097

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4097

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4097

EUVD