Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Secure_access_control_server | Cisco | 3.0 (including) | 3.0 (including) |
Secure_access_control_server | Cisco | 3.1 (including) | 3.1 (including) |
Secure_access_control_server | Cisco | 3.2 (including) | 3.2 (including) |
Secure_access_control_server | Cisco | 3.2(1) (including) | 3.2(1) (including) |
Secure_access_control_server | Cisco | 3.2(2) (including) | 3.2(2) (including) |
Secure_access_control_server | Cisco | 3.2(3) (including) | 3.2(3) (including) |
Secure_access_control_server | Cisco | 3.3 (including) | 3.3 (including) |
Secure_access_control_server | Cisco | 3.3(1) (including) | 3.3(1) (including) |
Secure_acs_solution_engine | Cisco | * | * |