CVE-2004-1461 - OpenCVE

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Secure Access Control Server Secure Acs Solution Engine

Configuration 1 [-]

OR	cpe:2.3:a:cisco:secure_access_control_server:3.0:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.2::windows_server:::::
	cpe:2.3:a:cisco:secure_access_control_server:3.2\(1\):::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.2\(2\):::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.2\(3\):::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.3:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:3.3\(1\):::::::*
	cpe:2.3:a:cisco:secure_acs_solution_engine::::::::

No data.

References

Link	Providers
http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml
http://www.securityfocus.com/bid/11047
https://exchange.xforce.ibmcloud.com/vulnerabilities/17118

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-13T05:00:00

Updated: 2024-08-08T00:53:23.999Z

Reserved: 2005-02-13T00:00:00

Link: CVE-2004-1461

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:31:03.153

Link: CVE-2004-1461

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-08-25T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ciscosecure-csadmin-auth-bypass(17118)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"}, {"name": "11047", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11047"}, {"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ciscosecure-csadmin-auth-bypass(17118)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"}, {"name": "11047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11047"}, {"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:53:23.999Z"}, "title": "CVE Program Container", "references": [{"name": "ciscosecure-csadmin-auth-bypass(17118)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"}, {"name": "11047", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/11047"}, {"name": "20040825 Multiple Vulnerabilities in Cisco Secure Access Control Server", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1461", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "44D05855-C8C1-4243-8438-5A36A01A8F48", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB11A75E-2E4B-4B83-B763-CBBC1D9DFB36", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "109147BF-3225-48E4-8BE1-2E5B59921032", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2:*:windows_server:*:*:*:*:*", "matchCriteriaId": "7CDA01B6-6887-40BB-B541-65F198D03219", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "86806D6E-1BDF-4253-AEB7-D9D88D224812", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "680E5A81-6409-4CE7-8496-D7845FD7E851", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.2\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "3868E060-0278-491A-9943-1A2E435C7606", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2793200-D95D-4BD3-8DF2-4A847230FBE5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:3.3\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "0E587654-B5A0-47A4-BED6-D8DB69AEF566", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_acs_solution_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B17AFE8-DEC5-49BD-98EE-051454A632E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address."}], "id": "CVE-2004-1461", "lastModified": "2017-07-11T01:31:03.153", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11047"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17118"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}