CVE-2013-3466 - OpenCVE

The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Secure Access Control Server

Configuration 1 [-]

OR	cpe:2.3:a:cisco:secure_access_control_server::::::::
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:::::::*
	cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:::::::*

No data.

References

Link	Providers
http://osvdb.org/96668
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs
http://www.securitytracker.com/id/1028958

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2013-08-29T10:00:00

Updated: 2024-08-06T16:07:37.949Z

Reserved: 2013-05-06T00:00:00

Link: CVE-2013-3466

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-08-29T12:07:53.977

Modified: 2016-11-07T14:59:50.250

Link: CVE-2013-3466

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-11T09:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"}, {"name": "1028958", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028958"}, {"name": "96668", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/96668"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2013-3466", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"}, {"name": "1028958", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1028958"}, {"name": "96668", "refsource": "OSVDB", "url": "http://osvdb.org/96668"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:07:37.949Z"}, "title": "CVE Program Container", "references": [{"name": "20130828 Cisco Secure Access Control Server Remote Command Execution Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"}, {"name": "1028958", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028958"}, {"name": "96668", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/96668"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2013-3466", "datePublished": "2013-08-29T10:00:00", "dateReserved": "2013-05-06T00:00:00", "dateUpdated": "2024-08-06T16:07:37.949Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1386664C-E82F-421D-997D-E1861F878EF7", "versionEndIncluding": "4.2.1.15.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "21D44CF7-00D9-49D5-9922-8C035E6BFFFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "0381BDA1-9582-4D0B-8D8D-3CD5C44CD962", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "14C97126-884C-4D78-AC21-3CD8D70639F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "7E927176-43B1-4D71-93A0-FF47AFF8BD01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "7AD5F4A2-9D04-4315-BE7C-7B3A93B48251", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "109AF15B-A54C-4126-A88E-3E40F8902247", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "97733DD7-DC7F-4FDD-A5DA-26F36E6B8F9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "37DF8916-B3B8-4778-93DF-76F5F36C338C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4913C9F-5814-4003-9B56-841E228338CA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636."}, {"lang": "es", "value": "El m\u00f3dulo de autenticaci\u00f3n EAP-FAST en Cisco Secure Access Control Server (ACS) v4.x anterior a v4.2.1.15.11, cuando la configuraci\u00f3n de servidor RADIUS est\u00e1 habilitada, no analiza correctamente las identidades de usuario, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados EAP-FAST, tambi\u00e9n conocido como Bug ID CSCui57636."}], "id": "CVE-2013-3466", "lastModified": "2016-11-07T14:59:50.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-29T12:07:53.977", "references": [{"source": "ykramarz@cisco.com", "url": "http://osvdb.org/96668"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130828-acs"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1028958"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}