Details of VAR-200412-0208

ID

VAR-200412-0208

CVE

CVE-2004-1460

TITLE

Cisco Secure ACS NOVELL Directory Service Verification Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-304

DESCRIPTION

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. The following specific vulnerabilities were reported by the vendor: A remote attacker can trigger a denial of service condition in ACS Windows and ACS Solution Engine by establishing a large amount of TCP connections to the CSAdmin application. Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests. Another vulnerability affecting ACS may allow remote attackers to gain unauthenticated access to the administration interface of the service. Among them, ACS supports NOVELL directory service. However, wrong passwords and incorrect usernames will be rejected for authentication

Trust: 1.26

sources: NVD: CVE-2004-1460 // BID: 11047 // VULHUB: VHN-9890

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.0	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(1\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(3\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2\(2\)	Trust: 1.6
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3\(1\)	Trust: 1.6
vendor:	cisco	model:	secure acs solution engine	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	secure acs solution engine	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	secure acs for windows server	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3(1)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(3)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(2)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.2(1)	Trust: 0.3

sources: BID: 11047 // CNNVD: CNNVD-200412-304 // NVD: CVE-2004-1460

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1460
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-304
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9890
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1460
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9890
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9890 // CNNVD: CNNVD-200412-304 // NVD: CVE-2004-1460

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1460

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-304

TYPE

Unknown

Trust: 0.9

sources: BID: 11047 // CNNVD: CNNVD-200412-304

EXTERNAL IDS

db:	BID	id:	11047	Trust: 2.0
db:	NVD	id:	CVE-2004-1460	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-304	Trust: 0.7
db:	XF	id:	17117	Trust: 0.6
db:	NSFOCUS	id:	6844	Trust: 0.6
db:	NSFOCUS	id:	6843	Trust: 0.6
db:	NSFOCUS	id:	6846	Trust: 0.6
db:	NSFOCUS	id:	6845	Trust: 0.6
db:	NSFOCUS	id:	6843※6845※6844※6846	Trust: 0.6
db:	CISCO	id:	20040825 MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER	Trust: 0.6
db:	VULHUB	id:	VHN-9890	Trust: 0.1

sources: VULHUB: VHN-9890 // BID: 11047 // CNNVD: CNNVD-200412-304 // NVD: CVE-2004-1460

REFERENCES

url:	http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml	Trust: 2.0
url:	http://www.securityfocus.com/bid/11047	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17117	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17117	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6843※6845※6844※6846	Trust: 0.6
url:	http://www.cisco.com/warp/public/707/tacl.html	Trust: 0.3

sources: VULHUB: VHN-9890 // BID: 11047 // CNNVD: CNNVD-200412-304 // NVD: CVE-2004-1460

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-304

SOURCES

db:	VULHUB	id:	VHN-9890
db:	BID	id:	11047
db:	CNNVD	id:	CNNVD-200412-304
db:	NVD	id:	CVE-2004-1460

LAST UPDATE DATE

2024-08-14T13:51:14.699000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9890	date:	2017-07-11T00:00:00
db:	BID	id:	11047	date:	2004-08-25T00:00:00
db:	CNNVD	id:	CNNVD-200412-304	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1460	date:	2017-07-11T01:31:03.090

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9890	date:	2004-12-31T00:00:00
db:	BID	id:	11047	date:	2004-08-25T00:00:00
db:	CNNVD	id:	CNNVD-200412-304	date:	2004-08-25T00:00:00
db:	NVD	id:	CVE-2004-1460	date:	2004-12-31T05:00:00