Details of VAR-200012-0059

ID

VAR-200012-0059

CVE

CVE-2000-1056

TITLE

CiscoSecure ACS Server Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200012-046

DESCRIPTION

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. There are certain Lightweight Directory Access Protocol (LDAP) servers that allow users to have undefined passwords. Vulnerabilities exist in CiscoSecure ACS Server 2.4(2) and earlier versions

Trust: 1.26

sources: NVD: CVE-2000-1056 // BID: 1708 // VULHUB: VHN-2626

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.1	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.3\(3\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	2.4\(2\)	Trust: 1.6
vendor:	cisco	model:	secure acs for windows nt	scope:	eq	version:	2.42	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	-	Trust: 0.3

sources: BID: 1708 // CNNVD: CNNVD-200012-046 // NVD: CVE-2000-1056

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2000-1056
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200012-046
value:	HIGH
Trust: 0.6
VULHUB:	VHN-2626
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2000-1056
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-2626
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-2626 // CNNVD: CNNVD-200012-046 // NVD: CVE-2000-1056

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-1056

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200012-046

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200012-046

EXTERNAL IDS

db:	BID	id:	1708	Trust: 2.0
db:	NVD	id:	CVE-2000-1056	Trust: 1.7
db:	CNNVD	id:	CNNVD-200012-046	Trust: 0.7
db:	CISCO	id:	20000921 MULTIPLE VULNERABILITIES IN CISCOSECURE ACS FOR WINDOWS NT SERVER	Trust: 0.6
db:	XF	id:	5274	Trust: 0.6
db:	VULHUB	id:	VHN-2626	Trust: 0.1

sources: VULHUB: VHN-2626 // BID: 1708 // CNNVD: CNNVD-200012-046 // NVD: CVE-2000-1056

REFERENCES

url:	http://www.securityfocus.com/bid/1708	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/5274	Trust: 1.1
url:	http://xforce.iss.net/static/5274.php	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/voicesw/ps4625/index.html	Trust: 0.3

sources: VULHUB: VHN-2626 // BID: 1708 // CNNVD: CNNVD-200012-046 // NVD: CVE-2000-1056

CREDITS

Publicized in a Cisco Security Advisory (Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server) on September 21, 2000.

Trust: 0.3

sources: BID: 1708

SOURCES

db:	VULHUB	id:	VHN-2626
db:	BID	id:	1708
db:	CNNVD	id:	CNNVD-200012-046
db:	NVD	id:	CVE-2000-1056

LAST UPDATE DATE

2024-08-14T14:16:23.180000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-2626	date:	2017-10-10T00:00:00
db:	BID	id:	1708	date:	2000-09-21T00:00:00
db:	CNNVD	id:	CNNVD-200012-046	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2000-1056	date:	2017-10-10T01:29:27.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-2626	date:	2000-12-11T00:00:00
db:	BID	id:	1708	date:	2000-09-21T00:00:00
db:	CNNVD	id:	CNNVD-200012-046	date:	2000-12-11T00:00:00
db:	NVD	id:	CVE-2000-1056	date:	2000-12-11T05:00:00