Vulnerability Name:

CVE-2006-3101 (CCN-27166)

Assigned:2006-06-15
Published:2006-06-15
Updated:2018-10-18
Summary:Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Jun 15 2006 - 12:02:51 CDT
Cisco Secure ACS Cross Site Scripting Vulnerability.

Source: CCN
Type: BugTraq Mailing List, Sat Jun 17 2006 - 05:51:38 CDT
RE: Cisco Secure ACS Cross Site Scripting Vulnerability.

Source: MITRE
Type: CNA
CVE-2006-3101

Source: CCN
Type: SA20699
Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
20699

Source: SREASON
Type: UNKNOWN
1116

Source: CCN
Type: SECTRACK ID: 1016317
Cisco Secure ACS for UNIX Input Validation Flaw in `LogonProxy.cgi` Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: Exploit, Patch
1016317

Source: CCN
Type: Cisco Security Response 2006 June 15 1700 UTC (GMT)
Cisco Security Response to: Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability

Source: CISCO
Type: Patch
20060615 Cisco Secure ACS for UNIX Cross Site Scripting Vulnerability

Source: OSVDB
Type: UNKNOWN
26531

Source: CCN
Type: OSVDB ID: 26531
Cisco Secure ACS for Unix LogonProxy.cgi Multiple Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20060615 Cisco Secure ACS Cross Site Scripting Vulnerability.

Source: BUGTRAQ
Type: UNKNOWN
20060617 RE: Cisco Secure ACS Cross Site Scripting Vulnerability.

Source: BID
Type: Exploit, Patch
18449

Source: CCN
Type: BID-18449
Cisco Secure ACS LoginProxy.CGI Cross-Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2384

Source: XF
Type: UNKNOWN
cisco-acs-logonproxy-xss(27166)

Source: XF
Type: UNKNOWN
cisco-acs-logonproxy-xss(27166)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cisco:secure_access_control_server:2.3:*:unix:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:cisco:secure_acs_for_unix:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    cisco secure access control server 2.3
    cisco secure acs for unix -