CVE-2004-1461 — Vulnetix

CVE-2004-1461 PUBLISHED CVSS 7.5 HIGH

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

EPSS 0.52% · 67.0th percentile

Risk Scores

CVSS 2.0

7.5

EPSS Score

0.52%

67.0th percentile

Affected Products

Vendor	Product	Versions
cisco	secure_acs_solution_engine
cisco	secure_access_control_server	3.0, 3.1, 3.2
n/a	n/a	n/a

Exploit Intelligence

ciscosecure-csadmin-auth-bypass(17118) (circl)
11047 (circl)
20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server (circl)

Timeline

Aug 25, 2004 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score
Jun 5, 2023 EPSS Score

References

ciscosecure-csadmin-auth-bypass(17118) vdb
11047 vdb
20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2004-1461 advisory

Open in Interactive Console →