Vulnerability Description
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | 4.0 |
References
- http://secunia.com/advisories/20816
- http://securityreason.com/securityalert/1157
- http://securitytracker.com/id?1016369
- http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_respVendor Advisory
- http://www.osvdb.org/26825
- http://www.securityfocus.com/archive/1/438161/100/0/threaded
- http://www.securityfocus.com/archive/1/438258/100/0/threaded
- http://www.securityfocus.com/bid/18621
- http://www.vupen.com/english/advisories/2006/2524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27328
- http://secunia.com/advisories/20816
- http://securityreason.com/securityalert/1157
- http://securitytracker.com/id?1016369
- http://www.cisco.com/en/US/products/sw/secursw/ps2086/tsd_products_security_respVendor Advisory
- http://www.osvdb.org/26825
FAQ
What is CVE-2006-3226?
CVE-2006-3226 is a vulnerability with a CVSS score of 7.5 (HIGH). Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows re...
How severe is CVE-2006-3226?
CVE-2006-3226 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3226?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control Server.