CVE-2008-2441 - OpenCVE

Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Secure Access Control Server Secure Acs

Configuration 1 [-]

OR	cpe:2.3:a:cisco:secure_acs::::::::
	cpe:2.3:h:cisco:secure_access_control_server::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/31731
http://securityreason.com/securityalert/4216
http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml
http://www.securityfocus.com/archive/1/495937/100/0/threaded
http://www.securityfocus.com/bid/30997
http://www.securitytracker.com/id?1020814
https://exchange.xforce.ibmcloud.com/vulnerabilities/44871

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-04T16:00:00

Updated: 2024-08-07T08:58:02.309Z

Reserved: 2008-05-27T00:00:00

Link: CVE-2008-2441

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-04T16:41:00.000

Modified: 2018-10-11T20:41:38.677

Link: CVE-2008-2441

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1020814", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020814"}, {"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"}, {"name": "31731", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31731"}, {"name": "4216", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4216"}, {"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"}, {"name": "30997", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30997"}, {"name": "cisco-sacs-eap-dos(44871)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2441", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1020814", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020814"}, {"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability", "refsource": "CISCO", "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"}, {"name": "31731", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31731"}, {"name": "4216", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4216"}, {"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"}, {"name": "30997", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30997"}, {"name": "cisco-sacs-eap-dos(44871)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:02.309Z"}, "title": "CVE Program Container", "references": [{"name": "1020814", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020814"}, {"name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"}, {"name": "31731", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31731"}, {"name": "4216", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4216"}, {"name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"}, {"name": "30997", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30997"}, {"name": "cisco-sacs-eap-dos(44871)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2441", "datePublished": "2008-09-04T16:00:00", "dateReserved": "2008-05-27T00:00:00", "dateUpdated": "2024-08-07T08:58:02.309Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_acs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E137A796-4F14-4BFB-81C5-11A145DDD1F4", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:secure_access_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ACD712D-B8B8-4551-925E-27E541C8001F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet."}, {"lang": "es", "value": "Cisco Secure ACS versiones 3.x anteriores a 3.3 (4) Build 12, Parche 7, versiones 4.0.x, versiones 4.1.x anteriores a 4.1 (4) Build 13, Parche 11 y versiones 4.2.x anteriores a 4.2 (0) Build 124, Parche 4 no maneja apropiadamente un paquete de EAP Response en el que el valor del campo length excede la longitud actual del paquete, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (bloqueo del servicio CSRadius y CSAuth) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un paquete RADIUS dise\u00f1ado (1) EAP-Response/Identity, (2) EAP-Response/MD5, o (3) EAP-Response/TLS Message Attribute."}], "id": "CVE-2008-2441", "lastModified": "2018-10-11T20:41:38.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-04T16:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31731"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4216"}, {"source": "cve@mitre.org", "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30997"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020814"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}