Sign-up

ID

VAR-200412-0209


CVE

CVE-2004-1461


TITLE

Cisco Secure ACS NOVELL Directory Service Verification Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-541

DESCRIPTION

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. Cisco Secure Access Control Server and Secure Access Control Server Solution Engine are reported prone to multiple vulnerabilities. These vulnerabilities may allow remote attackers to cause denial of service conditions and gain unauthorized access to AAA clients and ACS administration interface. The following specific vulnerabilities were reported by the vendor: A remote attacker can trigger a denial of service condition in ACS Windows and ACS Solution Engine by establishing a large amount of TCP connections to the CSAdmin application. Cisco Secure ACS is reported prone to another denial of service vulnerability when handling Light Extensible Authentication Protocol (LEAP) authentication requests. Cisco Secure ACS is reported prone to an authentication bypass vulnerability when configured to communicate to a Novell Directory Services (NDS) database for authenticating NDS users. Another vulnerability affecting ACS may allow remote attackers to gain unauthenticated access to the administration interface of the service. Among them, ACS supports NOVELL directory service. However, wrong passwords and incorrect usernames will be rejected for authentication

Trust: 1.26

sources: NVD: CVE-2004-1461 // BID: 11047 // VULHUB: VHN-9891

AFFECTED PRODUCTS

vendor:ciscomodel:secure access control serverscope:eqversion:3.3

Trust: 1.9

vendor:ciscomodel:secure access control serverscope:eqversion:3.2

Trust: 1.9

vendor:ciscomodel:secure access control serverscope:eqversion:3.1

Trust: 1.9

vendor:ciscomodel:secure access control serverscope:eqversion:3.0

Trust: 1.9

vendor:ciscomodel:secure access control serverscope:eqversion:3.2\(1\)

Trust: 1.6

vendor:ciscomodel:secure access control serverscope:eqversion:3.2\(3\)

Trust: 1.6

vendor:ciscomodel:secure access control serverscope:eqversion:3.2\(2\)

Trust: 1.6

vendor:ciscomodel:secure access control serverscope:eqversion:3.3\(1\)

Trust: 1.6

vendor:ciscomodel:secure acs solution enginescope:eqversion:*

Trust: 1.0

vendor:ciscomodel:secure acs solution enginescope: - version: -

Trust: 0.9

vendor:ciscomodel:secure acs for windows serverscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:secure access control serverscope:eqversion:3.3(1)

Trust: 0.3

vendor:ciscomodel:secure access control serverscope:eqversion:3.2(3)

Trust: 0.3

vendor:ciscomodel:secure access control serverscope:eqversion:3.2(2)

Trust: 0.3

vendor:ciscomodel:secure access control serverscope:eqversion:3.2(1)

Trust: 0.3

sources: BID: 11047 // CNNVD: CNNVD-200412-541 // NVD: CVE-2004-1461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1461
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200412-541
value: HIGH

Trust: 0.6

VULHUB: VHN-9891
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1461
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9891
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9891 // CNNVD: CNNVD-200412-541 // NVD: CVE-2004-1461

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-541

TYPE

Unknown

Trust: 0.9

sources: BID: 11047 // CNNVD: CNNVD-200412-541

EXTERNAL IDS

db:BIDid:11047

Trust: 2.0

db:NVDid:CVE-2004-1461

Trust: 1.7

db:CNNVDid:CNNVD-200412-541

Trust: 0.7

db:NSFOCUSid:6844

Trust: 0.6

db:NSFOCUSid:6843

Trust: 0.6

db:NSFOCUSid:6846

Trust: 0.6

db:NSFOCUSid:6845

Trust: 0.6

db:NSFOCUSid:6843※6845※6844※6846

Trust: 0.6

db:CISCOid:20040825 MULTIPLE VULNERABILITIES IN CISCO SECURE ACCESS CONTROL SERVER

Trust: 0.6

db:XFid:17118

Trust: 0.6

db:VULHUBid:VHN-9891

Trust: 0.1

sources: VULHUB: VHN-9891 // BID: 11047 // CNNVD: CNNVD-200412-541 // NVD: CVE-2004-1461

REFERENCES

url:http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

Trust: 2.0

url:http://www.securityfocus.com/bid/11047

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17118

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/17118

Trust: 0.6

url:http://www.nsfocus.net/vulndb/6843※6845※6844※6846

Trust: 0.6

url:http://www.cisco.com/warp/public/707/tacl.html

Trust: 0.3

sources: VULHUB: VHN-9891 // BID: 11047 // CNNVD: CNNVD-200412-541 // NVD: CVE-2004-1461

CREDITS

Cisco PSIRT※ psirt@cisco.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-541

SOURCES

db:VULHUBid:VHN-9891
db:BIDid:11047
db:CNNVDid:CNNVD-200412-541
db:NVDid:CVE-2004-1461

LAST UPDATE DATE

2024-08-14T13:51:14.727000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-9891date:2017-07-11T00:00:00
db:BIDid:11047date:2004-08-25T00:00:00
db:CNNVDid:CNNVD-200412-541date:2005-10-20T00:00:00
db:NVDid:CVE-2004-1461date:2017-07-11T01:31:03.153

SOURCES RELEASE DATE

db:VULHUBid:VHN-9891date:2004-12-31T00:00:00
db:BIDid:11047date:2004-08-25T00:00:00
db:CNNVDid:CNNVD-200412-541date:2004-08-25T00:00:00
db:NVDid:CVE-2004-1461date:2004-12-31T05:00:00