CiscoSecure ACS for Windows CSAdmin Login Overflow DoS

high Nessus Plugin ID 11556

Synopsis

Arbitrary code may be executed on the remote host.

Description

The remote web server crashed when the 'login.exe' CGI received an overly long login query string. This can lead to a denial of service or even execution of arbitrary code. Some versions of the Cisco Secure ACS web server are known to be vulnerable to this flaw.

Solution

Install ACS for Windows versions 3.0.4, 3.1.2, or later.

See Also

http://www.nessus.org/u?9a387006

Plugin Details

Severity: High

ID: 11556

File Name: cisco_acs_web_overflow.nasl

Version: 1.25

Type: remote

Family: Web Servers

Published: 4/30/2003

Updated: 7/6/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:cisco:secure_access_control_server

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2003

Vulnerability Publication Date: 4/23/2003

Reference Information

CVE: CVE-2003-0210

BID: 7413

CERT: 697049

NSFOCUS: SA2003-04