Cisco Secure ACS EAP Parsing Flaw Leading to Service Disruption
CVE-2008-2441

Currently unrated

Key Information:

Vendor: Cisco

CVE Published: 4 September 2008

What is CVE-2008-2441?

Cisco Secure ACS does not properly handle EAP Response packets, and remote authenticated users can exploit this. A crafted packet whose length field exceeds the actual packet length triggers a denial of service condition in which the CSRadius and CSAuth services crash. The flaw may also allow execution of arbitrary code through specially crafted RADIUS messages, such as EAP-Response/Identity, EAP-Response/MD5, or EAP-Response/TLS Message Attributes.
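The bounds check that this class of flaw calls for, as an added example (not Cisco's code, and not taken from the advisory): an EAP header validator that compares the attacker-controlled Length field with the number of bytes actually received before any payload is read. The function, enum and sample names are hypothetical; the header layout follows RFC 3748.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; illustrative only, not Cisco Secure ACS code. */
enum eap_status { EAP_OK, EAP_TOO_SHORT, EAP_LEN_BELOW_HEADER,
                  EAP_LEN_EXCEEDS_BUFFER, EAP_MISSING_TYPE };

#define EAP_HDR_LEN 4u   /* Code(1) Identifier(1) Length(2), RFC 3748 */
#define EAP_REQUEST 1u
#define EAP_RESPONSE 2u

/* Constructed samples: EAP-Response/Identity "bob"; BAD claims 256 bytes. */
static const uint8_t SAMPLE_GOOD[] = { 2, 7, 0x00, 0x08, 1, 'b', 'o', 'b' };
static const uint8_t SAMPLE_BAD[]  = { 2, 7, 0x01, 0x00, 1, 'b', 'o', 'b' };

/* buf/received: reassembled EAP-Message bytes and how many really arrived.
 * On EAP_OK, *data and *data_len describe the bytes following the Type. */
enum eap_status eap_validate(const uint8_t *buf, size_t received,
                             const uint8_t **data, size_t *data_len)
{
    *data = NULL;
    *data_len = 0;
    if (buf == NULL || received < EAP_HDR_LEN)
        return EAP_TOO_SHORT;

    /* Length is big-endian and sender-controlled: never trust it alone. */
    size_t claimed = ((size_t)buf[2] << 8) | buf[3];
    if (claimed < EAP_HDR_LEN)
        return EAP_LEN_BELOW_HEADER;
    if (claimed > received)      /* length field exceeds the actual packet */
        return EAP_LEN_EXCEEDS_BUFFER;

    /* Request and Response packets must carry a Type octet. */
    if (buf[0] == EAP_REQUEST || buf[0] == EAP_RESPONSE) {
        if (claimed < EAP_HDR_LEN + 1)
            return EAP_MISSING_TYPE;
        *data = buf + EAP_HDR_LEN + 1;
        *data_len = claimed - (EAP_HDR_LEN + 1);  /* bounded by claimed */
    }
    return EAP_OK;
}

int main(void)
{
    const uint8_t *d; size_t n;
    printf("good=%d ", eap_validate(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &d, &n));
    printf("bad=%d\n", eap_validate(SAMPLE_BAD, sizeof SAMPLE_BAD, &d, &n));
    return 0;
}
```

Bytes received beyond the claimed length are ignored rather than rejected, so every later read is bounded by `data_len`.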

