CVE-2006-4097

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.

Severity	HIGH
CVSS	7.8
CWE	NVD-CWE-noinfo
KEV
Published	19 years ago
Modified	3 weeks ago

Related Products

Product	Advisory	Evidence
Cisco Secure Access Control Server Solution Engine (ACSE)	Cisco-SA-20070105-CVE-2006-4097	Cisco OpenVuln
Cisco Secure Access Control Server (ACS) for Windows	Cisco-SA-20070105-CVE-2006-4097	Cisco OpenVuln