CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-4098

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile34.38th
Published2006年12月31日
Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.

Affected Platforms (CPE)

📦
Cisco

Secure Access Control Server

= 3.0
📦
Cisco

Secure Access Control Server

= 3.1
📦
Cisco

Secure Access Control Server

= 3.2
📦
Cisco

Secure Access Control Server

= 3.2\(1\)
📦
Cisco

Secure Access Control Server

= 3.2\(1.20\)
📦
Cisco

Secure Access Control Server

= 3.2\(2\)
📦
Cisco

Secure Access Control Server

= 3.2\(3\)
📦
Cisco

Secure Access Control Server

= 3.2.1
📦
Cisco

Secure Access Control Server

= 3.2.2
📦
Cisco

Secure Access Control Server

= 3.3
📦
Cisco

Secure Access Control Server

= 3.3\(1\)
📦
Cisco

Secure Access Control Server

= 3.3.1
📦
Cisco

Secure Access Control Server

= 3.3.2
📦
Cisco

Secure Access Control Server

= 4.0
📦
Cisco

Secure Access Control Server

= 4.0.1

References & Advisories

🔗 http://osvdb.org/36126
🔗 http://secunia.com/advisories/23629
🔗 http://securitytracker.com/id?1017475
🔗 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
🔗 http://www.kb.cert.org/vuls/id/477164
🔗 http://www.securityfocus.com/bid/21900
🔗 http://www.vupen.com/english/advisories/2007/0068
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/31327

関連する脆弱性情報

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2016-19089.8

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 serv...