Details of VAR-200412-0206

ID

VAR-200412-0206

CVE

CVE-2004-1458

TITLE

Cisco Secure ACS NOVELL Directory Service Verification Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-272

DESCRIPTION

The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests. Cisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate to a Novell Directory Services (NDS) database for authenticating NDS users. Among them, ACS supports NOVELL directory service. However, wrong passwords and incorrect usernames will be rejected for authentication

Trust: 1.26

sources: NVD: CVE-2004-1458 // BID: 11047 // VULHUB: VHN-9888

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(3\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(2\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(1\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3\(1\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	secure acs solution engine	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	secure acs solution engine	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(2\)_build_15	Trust: 0.6
vendor:	cisco	model:	secure acs for windows server	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3(1)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(3)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(2)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(1)	Trust: 0.3

sources: BID: 11047 // CNNVD: CNNVD-200412-272 // NVD: CVE-2004-1458

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1458
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-272
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9888
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1458
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9888
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9888 // CNNVD: CNNVD-200412-272 // NVD: CVE-2004-1458

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1458

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-272

TYPE

Unknown

Trust: 0.9

sources: BID: 11047 // CNNVD: CNNVD-200412-272

EXTERNAL IDS

db:	BID	id:	11047	Trust: 2.0
db:	OSVDB	id:	9182	Trust: 1.7
db:	SECUNIA	id:	12386	Trust: 1.7
db:	NVD	id:	CVE-2004-1458	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-272	Trust: 0.7
db:	CISCO	id:	20040825 MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER	Trust: 0.6
db:	NSFOCUS	id:	6845	Trust: 0.6
db:	NSFOCUS	id:	6843※6845※6844※6846	Trust: 0.6
db:	NSFOCUS	id:	6844	Trust: 0.6
db:	NSFOCUS	id:	6843	Trust: 0.6
db:	NSFOCUS	id:	6846	Trust: 0.6
db:	CIAC	id:	O-203	Trust: 0.6
db:	XF	id:	17114	Trust: 0.6
db:	VULHUB	id:	VHN-9888	Trust: 0.1

sources: VULHUB: VHN-9888 // BID: 11047 // CNNVD: CNNVD-200412-272 // NVD: CVE-2004-1458

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/11047	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/o-203.shtml	Trust: 1.7
url:	http://osvdb.org/9182	Trust: 1.7
url:	http://secunia.com/advisories/12386/	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17114	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17114	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6843※6845※6844※6846	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/tacl.html	Trust: 0.3

sources: VULHUB: VHN-9888 // BID: 11047 // CNNVD: CNNVD-200412-272 // NVD: CVE-2004-1458

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-272

SOURCES

db:	VULHUB	id:	VHN-9888
db:	BID	id:	11047
db:	CNNVD	id:	CNNVD-200412-272
db:	NVD	id:	CVE-2004-1458

LAST UPDATE DATE

2024-08-14T13:51:14.644000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9888	date:	2018-10-30T00:00:00
db:	BID	id:	11047	date:	2004-08-25T00:00:00
db:	CNNVD	id:	CNNVD-200412-272	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1458	date:	2018-10-30T16:25:07.323

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9888	date:	2004-12-31T00:00:00
db:	BID	id:	11047	date:	2004-08-25T00:00:00
db:	CNNVD	id:	CNNVD-200412-272	date:	2004-08-25T00:00:00
db:	NVD	id:	CVE-2004-1458	date:	2004-12-31T05:00:00