Description
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002.
Affected products
- Cisco / secure_access_control_server3.0 – 3.0
- Cisco / secure_access_control_server3.1 – 3.1
- Cisco / secure_access_control_server3.2 – 3.2
- Cisco / secure_access_control_server3.2 – 3.2
- Cisco / secure_access_control_server3.2(1) – 3.2(1)
- Cisco / secure_access_control_server3.2(2) – 3.2(2)
- Cisco / secure_access_control_server3.2(3) – 3.2(3)
- Cisco / secure_access_control_server3.3 – 3.3
- Cisco / secure_access_control_server3.3(1) – 3.3(1)
- Cisco / secure_acs_solution_engine
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17114
- MISChttp://osvdb.org/9182
- VENDOR_ADVISORYhttp://secunia.com/advisories/12386/
- MISChttp://www.ciac.org/ciac/bulletins/o-203.shtml
- MISChttp://www.securityfocus.com/bid/11047
- VENDOR_ADVISORYhttp://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml