PT-2004-2071 · Cisco · Cisco Secure Access Control Server Solution Engine+1

Published

2004-12-01

Updated

2018-10-30

CVE-2004-1099

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) version 3.3.1

Description: The issue allows remote attackers to bypass authentication and gain unauthorized access by utilizing a certificate with valid fields, such as the username, even if the certificate is expired or untrusted. This occurs when the EAP-TLS protocol is enabled.

Recommendations: For Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) version 3.3.1, consider disabling the EAP-TLS protocol until a patch is available to properly handle expired or untrusted certificates.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1099

Affected Products

Cisco Secure Access Control Server Solution Engine

Cisco Secure Access Control Server For Windows

PT-2004-2071 · Cisco · Cisco Secure Access Control Server Solution Engine+1

CVE-2004-1099

Related Identifiers

Affected Products

References · 5