CVE-2004-1461

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address.

Affected (10)

Products: Cisco: Secure Access Control Server, Secure Acs Solution Engine

Cisco

2 products

Secure Access Control Server

Secure Acs Solution Engine

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Cisco Secure Access Control Server	Version 3.0
Cisco Secure Access Control Server	Version 3.1
Cisco Secure Access Control Server	Version 3.2
Cisco Secure Access Control Server	Version 3.2
Cisco Secure Access Control Server	Version 3.2(1)
Cisco Secure Access Control Server	Version 3.2(2)
Cisco Secure Access Control Server	Version 3.2(3)
Cisco Secure Access Control Server	Version 3.3
Cisco Secure Access Control Server	Version 3.3(1)
Cisco Secure Acs Solution Engine	All versions

References (6)

http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/11047

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/17118

Source: cve@mitre.org

http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/11047

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/17118

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.