Details of VAR-200012-0057

ID

VAR-200012-0057

CVE

CVE-2000-1054

TITLE

CiscoSecure ACS Server CSAdmin Module buffer overflow vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-028

DESCRIPTION

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. Depending on the data entered, CiscoSecure ACS for Windows NT can be made to crash or arbitrary code execution can be made possible if an unusually long packet is sent to port 2002. If the application were to crash due to an oversized packet, the CSadmin Module would automatically restart after one minute in versions 2.3x and higher. Existing sessions would re-establish although they would need to be authenticated again. In prior versions, a restart is required in order to regain normal functionality

Trust: 1.26

sources: NVD: CVE-2000-1054 // BID: 1705 // VULHUB: VHN-2624

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.1	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.3\(3\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.4\(2\)	Trust: 1.6
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.42	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	-	Trust: 0.3

sources: BID: 1705 // CNNVD: CNNVD-200012-028 // NVD: CVE-2000-1054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-1054
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200012-028
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-2624
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2000-1054
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2624
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2624 // CNNVD: CNNVD-200012-028 // NVD: CVE-2000-1054

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-028

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200012-028

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-2624

EXTERNAL IDS

db:	BID	id:	1705	Trust: 2.0
db:	NVD	id:	CVE-2000-1054	Trust: 1.7
db:	CNNVD	id:	CNNVD-200012-028	Trust: 0.7
db:	CISCO	id:	20000921 MULTIPLE VULNERABILITIES IN CISCOSECURE ACS FOR WINDOWS NT SERVER	Trust: 0.6
db:	XF	id:	5272	Trust: 0.6
db:	EXPLOIT-DB	id:	20235	Trust: 0.1
db:	SEEBUG	id:	SSVID-74120	Trust: 0.1
db:	VULHUB	id:	VHN-2624	Trust: 0.1

sources: VULHUB: VHN-2624 // BID: 1705 // CNNVD: CNNVD-200012-028 // NVD: CVE-2000-1054

REFERENCES

url:	http://www.securityfocus.com/bid/1705	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5272	Trust: 1.1
url:	http://xforce.iss.net/static/5272.php	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3

sources: VULHUB: VHN-2624 // BID: 1705 // CNNVD: CNNVD-200012-028 // NVD: CVE-2000-1054

CREDITS

Publicized in a Cisco Security Advisory (Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server) on September 21, 2000.

Trust: 0.3

sources: BID: 1705

SOURCES

db:	VULHUB	id:	VHN-2624
db:	BID	id:	1705
db:	CNNVD	id:	CNNVD-200012-028
db:	NVD	id:	CVE-2000-1054

LAST UPDATE DATE

2024-08-14T14:16:23.204000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2624	date:	2017-10-10T00:00:00
db:	BID	id:	1705	date:	2000-09-21T00:00:00
db:	CNNVD	id:	CNNVD-200012-028	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-1054	date:	2017-10-10T01:29:27.780

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2624	date:	2000-12-11T00:00:00
db:	BID	id:	1705	date:	2000-09-21T00:00:00
db:	CNNVD	id:	CNNVD-200012-028	date:	2000-12-11T00:00:00
db:	NVD	id:	CVE-2000-1054	date:	2000-12-11T05:00:00