Vulnerability Description
Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | <= 4.0 |
References
- http://osvdb.org/36125
- http://secunia.com/advisories/23629Vendor Advisory
- http://securitytracker.com/id?1017475
- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/443108US Government Resource
- http://www.securityfocus.com/bid/21900
- http://www.vupen.com/english/advisories/2007/0068Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31334
- http://osvdb.org/36125
- http://secunia.com/advisories/23629Vendor Advisory
- http://securitytracker.com/id?1017475
- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtmlPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/443108US Government Resource
- http://www.securityfocus.com/bid/21900
- http://www.vupen.com/english/advisories/2007/0068Vendor Advisory
FAQ
What is CVE-2006-4097?
CVE-2006-4097 is a vulnerability with a CVSS score of 7.8 (HIGH). Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a den...
How severe is CVE-2006-4097?
CVE-2006-4097 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4097?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control Server.