Details of VAR-200501-0246

ID

VAR-200501-0246

CVE

CVE-2004-1099

TITLE

Cisco ACS Bypass authentication vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-056

DESCRIPTION

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. This issue is due to a failure of the software to properly validate user credentials prior to granting access. The problem presents itself when an attacker attempts to authenticate to the affected server. Apparently the application will grant access to any attacker that presents a valid user name and a certificate that is cryptographically correct. An attacker can leverage this issue to gain unauthorized remote access to any devices or networks that rely on the affected software for access control

Trust: 1.26

sources: NVD: CVE-2004-1099 // BID: 11577 // VULHUB: VHN-9529

AFFECTED PRODUCTS

vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3.1	Trust: 1.9
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3\(1\)	Trust: 1.6
vendor:	cisco	model:	secure acs solution engine	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	secure acs solution engine	scope:	-	version:	-	Trust: 0.9
vendor:	cisco	model:	secure access control server solution engine	scope:	eq	version:	3.3.1	Trust: 0.6
vendor:	cisco	model:	secure acs solution engine	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	eq	version:	3.3(1)	Trust: 0.3
vendor:	cisco	model:	secure acs solution engine	scope:	ne	version:	3.3.2	Trust: 0.3
vendor:	cisco	model:	secure acs solution engine	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.3	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2.1	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2(3)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2(2)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2(1.20)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2(1)	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.2	Trust: 0.3
vendor:	cisco	model:	secure access control server	scope:	ne	version:	3.1	Trust: 0.3

sources: BID: 11577 // CNNVD: CNNVD-200501-056 // NVD: CVE-2004-1099

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1099
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200501-056
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-9529
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1099
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9529
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9529 // CNNVD: CNNVD-200501-056 // NVD: CVE-2004-1099

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1099

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-056

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200501-056

EXTERNAL IDS

db:	BID	id:	11577	Trust: 2.0
db:	NVD	id:	CVE-2004-1099	Trust: 1.7
db:	CNNVD	id:	CNNVD-200501-056	Trust: 0.7
db:	CISCO	id:	20041102 VULNERABILITY IN CISCO SECURE ACCESS CONTROL SERVER EAP-TLS AUTHENTICATION	Trust: 0.6
db:	CIAC	id:	P-028	Trust: 0.6
db:	XF	id:	17936	Trust: 0.6
db:	VULHUB	id:	VHN-9529	Trust: 0.1

sources: VULHUB: VHN-9529 // BID: 11577 // CNNVD: CNNVD-200501-056 // NVD: CVE-2004-1099

REFERENCES

url:	http://www.securityfocus.com/bid/11577	Trust: 1.7
url:	http://www.ciac.org/ciac/bulletins/p-028.shtml	Trust: 1.7
url:	http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17936	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/17936	Trust: 0.6
url:	http://www.cisco.com/en/us/products/sw/secursw/ps2086/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/products_security_advisory09186a008033320e.shtml	Trust: 0.3

sources: VULHUB: VHN-9529 // BID: 11577 // CNNVD: CNNVD-200501-056 // NVD: CVE-2004-1099

CREDITS

The individual responsible for the discovery of this issue is currently unknown; the vendor disclosed this issue.

Trust: 0.3

sources: BID: 11577

SOURCES

db:	VULHUB	id:	VHN-9529
db:	BID	id:	11577
db:	CNNVD	id:	CNNVD-200501-056
db:	NVD	id:	CVE-2004-1099

LAST UPDATE DATE

2024-08-14T14:16:04.487000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9529	date:	2018-10-30T00:00:00
db:	BID	id:	11577	date:	2004-11-02T00:00:00
db:	CNNVD	id:	CNNVD-200501-056	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1099	date:	2018-10-30T16:25:32.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9529	date:	2005-01-10T00:00:00
db:	BID	id:	11577	date:	2004-11-02T00:00:00
db:	CNNVD	id:	CNNVD-200501-056	date:	2005-01-10T00:00:00
db:	NVD	id:	CVE-2004-1099	date:	2005-01-10T05:00:00