CVE-2004-1461

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

Severity	HIGH
CVSS	7.5
CWE	NVD-CWE-Other
KEV
Published	21 years ago
Modified	1 month ago

Related Products

Product	Advisory	Evidence
Cisco Secure Access Control Server Solution Engine (ACSE)	cisco-sa-20040825-acs	Cisco OpenVuln
Cisco Secure Access Control Server (ACS) for Windows	cisco-sa-20040825-acs	Cisco OpenVuln