返回 CVE 瀏覽器

CVE-2006-4097

HIGH

7.8

CVSS Severity Score

EPSS Score0.1270%

EPSS Percentile32.26th

Published2006年12月31日

Last Modified2026年4月23日

Vulnerability Description

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Affected Platforms (CPE)

📦

Cisco

Secure Access Control Server

<= 4.0

📦

Cisco

Secure Access Control Server

= 4.1

References & Advisories

🔗 http://osvdb.org/36125

🔗 http://secunia.com/advisories/23629

🔗 http://securitytracker.com/id?1017475

🔗 http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml

🔗 http://www.kb.cert.org/vuls/id/443108

🔗 http://www.securityfocus.com/bid/21900

🔗 http://www.vupen.com/english/advisories/2007/0068

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/31334

相關漏洞威脅

CVE-2004-109910.0

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution ...

CVE-2006-409810.0

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Sol...

CVE-2017-234310.0

The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to ...

CVE-2008-053210.0

Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Contr...