PT-2004-2071 · Cisco · Cisco Secure Access Control Server Solution Engine+1

Publicado

2004-12-01

Atualizado

2018-10-30

CVE-2004-1099

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) version 3.3.1

Description: The issue allows remote attackers to bypass authentication and gain unauthorized access by utilizing a certificate with valid fields, such as the username, even if the certificate is expired or untrusted. This occurs when the EAP-TLS protocol is enabled.

Recommendations: For Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) version 3.3.1, consider disabling the EAP-TLS protocol until a patch is available to properly handle expired or untrusted certificates.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1099

Produtos afetados

Cisco Secure Access Control Server Solution Engine

Cisco Secure Access Control Server For Windows

PT-2004-2071 · Cisco · Cisco Secure Access Control Server Solution Engine+1

CVE-2004-1099

Identificadores relacionados

Produtos afetados

Referências · 5