Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3226
Last Modified 07 Mar 2011 09:38:07
Published 26 Jun 2006 12:05:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3226

Summary

Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."

Vulnerable Systems

Application

  • Cisco Secure Access Control Server 4.0

  • Cisco Secure Access Control Server 4.0.1


References

XF - cisco-acs-session-spoofing(27328)

VUPEN - ADV-2006-2524

BID - 18621

BUGTRAQ - 20060623 Re: Cisco Secure ACS Weak Session Management Vulnerability

BUGTRAQ - 20060623 Cisco Secure ACS Weak Session Management Vulnerability

SECTRACK - 1016369

OSVDB - 26825

SREASON - 1157

SECUNIA - 20816


Last Updated: 27 May 2016 10:42:56