CVE-2006-4098
Last modified
CVE-2006-4098 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.. EPSS estimates a 12.72% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | 3.0 |
| Cisco | Secure Access Control Server | 3.1 |
| Cisco | Secure Access Control Server | 3.2 |
| Cisco | Secure Access Control Server | 3.2\(1\) |
| Cisco | Secure Access Control Server | 3.2\(1.20\) |
| Cisco | Secure Access Control Server | 3.2\(2\) |
| Cisco | Secure Access Control Server | 3.2\(3\) |
| Cisco | Secure Access Control Server | 3.2.1 |
| Cisco | Secure Access Control Server | 3.2.2 |
| Cisco | Secure Access Control Server | 3.3 |
| Cisco | Secure Access Control Server | 3.3\(1\) |
| Cisco | Secure Access Control Server | 3.3.1 |
| Cisco | Secure Access Control Server | 3.3.2 |
| Cisco | Secure Access Control Server | 4.0 |
| Cisco | Secure Access Control Server | 4.0.1 |
References
- http://secunia.com/advisories/23629Vendor Advisory
- http://www.kb.cert.org/vuls/id/477164US Government Resource
- http://secunia.com/advisories/23629Vendor Advisory
- http://www.kb.cert.org/vuls/id/477164US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4098?
How severe is CVE-2006-4098?
How do I fix CVE-2006-4098?
Are you affected by CVE-2006-4098?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST