CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4097

HIGH
7.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile32.26th
PublishedDec 31, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Affected Platforms (CPE)

πŸ“¦
Cisco

Secure Access Control Server

<= 4.0
πŸ“¦
Cisco

Secure Access Control Server

= 4.1

References & Advisories

πŸ”— http://osvdb.org/36125
πŸ”— http://secunia.com/advisories/23629
πŸ”— http://securitytracker.com/id?1017475
πŸ”— http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
πŸ”— http://www.kb.cert.org/vuls/id/443108
πŸ”— http://www.securityfocus.com/bid/21900
πŸ”— http://www.vupen.com/english/advisories/2007/0068
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

Related Vulnerabilities

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...