CVE-2006-4097
Last modified
CVE-2006-4097 is a vulnerability of currently unknown severity. Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. EPSS estimates a 4.12% chance of exploitation in the next 30 days.
Description
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | <= 4.0 |
| Cisco | Secure Access Control Server | 4.1 |
References
- http://secunia.com/advisories/23629 (Vendor Advisory)
- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/443108 (US Government Resource)
- http://www.vupen.com/english/advisories/2007/0068 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
