Vulnerability CVE-2007-0105

Vulnerability Name:

CVE-2007-0105 (CCN-31323)

Assigned:

2007-01-05

Published:

2007-01-05

Updated:

2017-07-29

Summary:

Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0105

Source: CCN
Type: SA23629
Cisco Secure ACS Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23629

Source: CCN
Type: SECTRACK ID: 1017475
Cisco Secure Access Control Server CSAdmin and CSRadius Stack Overflows Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017475

Source: CCN
Type: cisco-sa-20070105-csacs
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server

Source: CISCO
Type: Vendor Advisory
20070105 Multiple Vulnerabilities in Cisco Secure Access Control Server

Source: CCN
Type: US-CERT VU#744249
Cisco Secure Access Control Server vulnerable to a stack-based buffer overflow via a specially crafted "HTTP GET" request

Source: CERT-VN
Type: US Government Resource
VU#744249

Source: OSVDB
Type: UNKNOWN
32642

Source: CCN
Type: OSVDB ID: 32642
Cisco Secure ACS Crafted HTTP GET Request Remote Overflow

Source: BID
Type: UNKNOWN
21900

Source: CCN
Type: BID-21900
Cisco Secure Access Control Server Multiple Remote Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-0068

Source: XF
Type: UNKNOWN
cisco-acs-csadmin-bo(31323)

Source: XF
Type: UNKNOWN
cisco-acs-csadmin-bo(31323)

Vulnerable Configuration:

Configuration 1:

cpe:/a:cisco:secure_access_control_server:*:*:*:*:*:*:*:* (Version <= 4.0.1)

Configuration CCN 1:

cpe:/a:cisco:secure_access_control_server:4.0:-:windows:*:*:*:*:*

OR cpe:/a:cisco:secure_access_control_server:4.0.1:-:windows:*:*:*:*:*

Denotes that component is vulnerable

BACK