PT-2004-2372 · Cisco · Cisco Secure Access Control Server

Published

2004-12-31

Updated

2017-07-11

CVE-2004-1459

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Cisco Secure Access Control Server (ACS) version 3.2

Description: The issue allows remote attackers to cause a denial of service, resulting in a device crash, via certain LEAP authentication requests when the Cisco Secure Access Control Server is configured as a LEAP RADIUS proxy.

Recommendations: For Cisco Secure Access Control Server (ACS) version 3.2, consider disabling the LEAP RADIUS proxy functionality as a temporary workaround until a patch is available. Restrict access to the LEAP authentication requests to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1459

Affected Products

Cisco Secure Access Control Server

PT-2004-2372 · Cisco · Cisco Secure Access Control Server

CVE-2004-1459

Related Identifiers

Affected Products

References · 4