CVE-2013-3466

Published Aug 29, 2013

Last updated 8 years ago

CVSS info 9.3

Overview

Description: The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
Source: ykramarz@cisco.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1386664C-E82F-421D-997D-E1861F878EF7",
            "versionEndIncluding": "4.2.1.15.10"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D44CF7-00D9-49D5-9922-8C035E6BFFFB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0381BDA1-9582-4D0B-8D8D-3CD5C44CD962"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14C97126-884C-4D78-AC21-3CD8D70639F6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E927176-43B1-4D71-93A0-FF47AFF8BD01"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AD5F4A2-9D04-4315-BE7C-7B3A93B48251"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "109AF15B-A54C-4126-A88E-3E40F8902247"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97733DD7-DC7F-4FDD-A5DA-26F36E6B8F9F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37DF8916-B3B8-4778-93DF-76F5F36C338C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4913C9F-5814-4003-9B56-841E228338CA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References