CVE-2013-3466
Published Aug 29, 2013
Last updated 8 years ago
Overview
- Description
- The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1386664C-E82F-421D-997D-E1861F878EF7",
"versionEndIncluding": "4.2.1.15.10"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21D44CF7-00D9-49D5-9922-8C035E6BFFFB"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0381BDA1-9582-4D0B-8D8D-3CD5C44CD962"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14C97126-884C-4D78-AC21-3CD8D70639F6"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E927176-43B1-4D71-93A0-FF47AFF8BD01"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7AD5F4A2-9D04-4315-BE7C-7B3A93B48251"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "109AF15B-A54C-4126-A88E-3E40F8902247"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97733DD7-DC7F-4FDD-A5DA-26F36E6B8F9F"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37DF8916-B3B8-4778-93DF-76F5F36C338C"
},
{
"criteria": "cpe:2.3:a:cisco:secure_access_control_server:4.2.1.15.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4913C9F-5814-4003-9B56-841E228338CA"
}
],
"operator": "OR"
}
]
}
]