Stack-Based Buffer Overflow in Cisco Secure Access Control Server for Windows
CVE-2006-4098
Currently unrated
Summary
The CSRadius service in Cisco Secure Access Control Server for Windows is susceptible to a stack-based buffer overflow. A remote attacker can trigger the flaw by sending specially crafted RADIUS Accounting-Request packets to the service, potentially leading to arbitrary code execution on the affected system. The vulnerability affects versions of Cisco Secure Access Control Server prior to 4.1; the ACS Solution Engine is also affected.
EPSS Score
11% chance of being exploited in the next 30 days.