Vulnerability Description
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Secure Access Control Server | 3.0 |
References
- http://osvdb.org/36126
- http://secunia.com/advisories/23629Vendor Advisory
- http://securitytracker.com/id?1017475
- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
- http://www.kb.cert.org/vuls/id/477164US Government Resource
- http://www.securityfocus.com/bid/21900
- http://www.vupen.com/english/advisories/2007/0068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31327
- http://osvdb.org/36126
- http://secunia.com/advisories/23629Vendor Advisory
- http://securitytracker.com/id?1017475
- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml
- http://www.kb.cert.org/vuls/id/477164US Government Resource
- http://www.securityfocus.com/bid/21900
- http://www.vupen.com/english/advisories/2007/0068
FAQ
What is CVE-2006-4098?
CVE-2006-4098 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary c...
How severe is CVE-2006-4098?
CVE-2006-4098 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4098?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Secure Access Control Server.