The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Secure_access_control_server | Cisco | 3.0 (including) | 3.0 (including) |
| Secure_access_control_server | Cisco | 3.1 (including) | 3.1 (including) |
| Secure_access_control_server | Cisco | 3.2 (including) | 3.2 (including) |
| Secure_access_control_server | Cisco | 3.2(1) (including) | 3.2(1) (including) |
| Secure_access_control_server | Cisco | 3.2(2) (including) | 3.2(2) (including) |
| Secure_access_control_server | Cisco | 3.2(3) (including) | 3.2(3) (including) |
| Secure_access_control_server | Cisco | 3.3 (including) | 3.3 (including) |
| Secure_access_control_server | Cisco | 3.3(1) (including) | 3.3(1) (including) |
| Secure_acs_solution_engine | Cisco | * | * |
References
- http://osvdb.org/9182
- http://secunia.com/advisories/12386/
- http://www.ciac.org/ciac/bulletins/o-203.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
- http://www.securityfocus.com/bid/11047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17114
- http://osvdb.org/9182
- http://secunia.com/advisories/12386/
- http://www.ciac.org/ciac/bulletins/o-203.shtml
- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
- http://www.securityfocus.com/bid/11047
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17114